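package handlers

import (
	"platform/pkg/u"
	auth2 "platform/web/auth"
	m "platform/web/models"
	q "platform/web/queries"

	"github.com/gofiber/fiber/v2"
)

// region /revoke

// RevokeReq is the JSON body accepted by Revoke: the token pair that
// identifies the session to delete.
type RevokeReq struct {
	AccessToken  string `json:"access_token"`
	RefreshToken string `json:"refresh_token"`
}

// Revoke deletes the session named by the access/refresh tokens in the
// request body. It returns nil both on success and when the caller is not
// logged in, and propagates body-parsing and session-removal errors.
//
// NOTE(review): the tokens are taken from the request body and the result of
// PermitUser is discarded, so nothing visible in this handler ties the tokens
// to the authenticated caller. Confirm that auth2.RemoveSession enforces
// ownership, or pass the authenticated user down and check it there.
func Revoke(c *fiber.Ctx) error {
	if _, err := auth2.GetAuthCtx(c).PermitUser(); err != nil {
		// Caller is not logged in: there is no session to revoke, so this is
		// deliberately reported as success rather than as an error.
		return nil
	}

	// Parse the request body.
	req := new(RevokeReq)
	if err := c.BodyParser(req); err != nil {
		return err
	}

	// Delete the session.
	return auth2.RemoveSession(c.Context(), req.AccessToken, req.RefreshToken)
}

// endregion

// region /profile

// IntrospectResp is the profile payload returned by Introspect.
//
// NOTE(review): m.User is embedded, so every field of the model that is not
// excluded by its JSON tags is serialised. The handler scrubs Password, Phone
// and IDNo only; any sensitive column added to the model later would be
// exposed by default. An explicit response struct listing the permitted
// fields would fail closed instead.
type IntrospectResp struct {
	m.User
	HasPassword bool `json:"has_password"` // whether the user has set a password
}

// Introspect returns the authenticated user's own profile with the password
// removed and the phone and ID numbers masked.
func Introspect(c *fiber.Ctx) error {
	// Require an authenticated user.
	authCtx, err := auth2.GetAuthCtx(c).PermitUser()
	if err != nil {
		return err
	}

	// Load the profile of the authenticated user only; the ID comes from the
	// auth context, never from request input.
	profile, err := q.User.
		Where(q.User.ID.Eq(authCtx.User.ID)).
		Omit(q.User.DeletedAt).
		Take()
	if err != nil {
		return err
	}

	// Record whether a password is set, then clear the field unconditionally
	// so the stored value can never reach the response, whatever it holds.
	hasPassword := profile.Password != nil && *profile.Password != ""
	profile.Password = nil

	// Mask sensitive identifiers.
	if profile.Phone != "" {
		profile.Phone = maskPhone(profile.Phone)
	}
	if profile.IDNo != nil && *profile.IDNo != "" {
		profile.IDNo = u.P(maskIdNo(*profile.IDNo))
	}

	return c.JSON(IntrospectResp{User: *profile, HasPassword: hasPassword})
}

// maskPhone hides the middle of a phone number, keeping the first three and
// the last four bytes: an 11-character number "13812345678" becomes
// "138****5678".
//
// The mask fails closed. A value shorter than 11 bytes is replaced entirely
// by the mask instead of being returned in clear, and a longer value still
// exposes only its first three and last four bytes. The empty string is
// returned unchanged so that "no phone" stays distinguishable.
//
// Slicing is byte-based; the value is assumed to be ASCII.
func maskPhone(phone string) string {
	const mask = "****"
	if phone == "" {
		return ""
	}
	if len(phone) < 11 {
		return mask
	}
	return phone[:3] + mask + phone[len(phone)-4:]
}

// maskIdNo hides the middle of an ID number, keeping the first three and the
// last four bytes around a fixed nine-asterisk mask (an 18-character number
// yields a 16-character result).
//
// The mask fails closed. A value shorter than 18 bytes is replaced entirely
// by the mask instead of being returned in clear, and a longer value still
// exposes only its first three and last four bytes. The empty string is
// returned unchanged.
//
// Slicing is byte-based; the value is assumed to be ASCII.
func maskIdNo(idNo string) string {
	const mask = "*********"
	if idNo == "" {
		return ""
	}
	if len(idNo) < 18 {
		return mask
	}
	return idNo[:3] + mask + idNo[len(idNo)-4:]
}

// endregion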