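package services

import (
	"context"
	"fmt"
	"net/url"

	"edge-infra.dev/pkg/edge/api/bsl/types"
	"edge-infra.dev/pkg/edge/api/graph/mapper"
	"edge-infra.dev/pkg/edge/api/graph/model"
	"edge-infra.dev/pkg/edge/api/utils"
	"edge-infra.dev/pkg/edge/bsl"
)

// BSL security endpoints and request parameters used by the role service.
const (
	assignGroupPath = "/security/group-memberships"
	revokeGroupPath = "/security/group-memberships/remove"

	// getUsersGroups takes the username as a query-string value. It is not
	// formatted anywhere in this file.
	// NOTE(review): confirm the code that formats it applies url.QueryEscape
	// to the username first.
	getUsersGroups = "/security/group-memberships/groups?username=%s"

	// recoverPassword takes the username as a single path segment; the
	// value must be path-escaped before it is formatted in.
	recoverPassword = "/security/security-user-passwords/%s/recover"

	tokenParam = "token"
)

//go:generate mockgen -destination=../mocks/mock_role_service.go -package=mocks edge-infra.dev/pkg/edge/api/services RoleService

// RoleService manages role (group) membership and password recovery for
// users through the BSL security endpoints.
type RoleService interface {
	AddRoleToUser(ctx context.Context, username, roleName string) error
	AddRoleToUserLegacy(ctx context.Context, org, username, roleName string) error
	RevokeRoleFromUser(ctx context.Context, username, roleName string) error
	IsOrgAdmin(roles []string) bool
	IsBannerAdmin(roles []string) bool
	GetEdgeGroupsForUserUser(ctx context.Context, username string) ([]string, error)
	RecoverPassword(ctx context.Context, username string, organization string) error
}

// roleService is the BSL-backed implementation of RoleService.
type roleService struct {
	BSPConfig types.BSPConfig
	BSLClient *bsl.Client
}

// IsOrgAdmin reports whether roles contains model.RoleEdgeOrgAdmin.
func (r roleService) IsOrgAdmin(roles []string) bool {
	return utils.Contains(roles, string(model.RoleEdgeOrgAdmin))
}

// IsBannerAdmin reports whether roles contains model.RoleEdgeBannerAdmin.
func (r roleService) IsBannerAdmin(roles []string) bool {
	return utils.Contains(roles, string(model.RoleEdgeBannerAdmin))
}

// GetEdgeGroupsForUserUser returns the result of GetGroupsForUser for
// username, called with a client derived from the credentials carried in ctx.
func (r roleService) GetEdgeGroupsForUserUser(ctx context.Context, username string) ([]string, error) {
	return GetGroupsForUser(ctx, r.BSLClient.WithUserTokenCredentials(ctx), username)
}

// AddRoleToUser posts the group data for (username, roleName) to the
// group-membership endpoint using the user token credentials from ctx.
func (r roleService) AddRoleToUser(ctx context.Context, username, roleName string) error {
	return r.BSLClient.
		WithUserTokenCredentials(ctx).
		SetPayload(mapper.ToGroupData(username, roleName)).
		Post(assignGroupPath)
}

// AddRoleToUserLegacy posts the same group data as AddRoleToUser, but with a
// client obtained from WithBackendOrgAccessKey for org instead of the user
// token in ctx. It returns the error from obtaining that client unchanged.
//
// NOTE(review): the request is made with the backend org access key rather
// than the caller's own token, so the caller's right to grant roleName in org
// presumably has to be checked before this is called; verify at call sites.
func (r roleService) AddRoleToUserLegacy(ctx context.Context, org, username, roleName string) error {
	client, err := r.BSLClient.WithBackendOrgAccessKey(ctx, org)
	if err != nil {
		return err
	}
	return client.SetPayload(mapper.ToGroupData(username, roleName)).Post(assignGroupPath)
}

// RevokeRoleFromUser posts the group data for (username, roleName) to the
// membership-removal endpoint using the user token credentials from ctx.
func (r roleService) RevokeRoleFromUser(ctx context.Context, username, roleName string) error {
	return r.BSLClient.
		WithUserTokenCredentials(ctx).
		SetPayload(mapper.ToGroupData(username, roleName)).
		Post(revokeGroupPath)
}

// RecoverPassword posts a password-recovery request for username to BSL,
// using a client obtained from WithBackendOrgAccessKey for organization.
// The payload carries r.BSPConfig.ResetURL and tokenParam.
//
// The username becomes one segment of the request path and the request is
// sent with the backend org access key, so the value is validated and
// path-escaped here: "", "." and ".." are rejected with an error, and
// separators such as '/', '?' and '#' are percent-encoded so the username
// cannot change which endpoint receives the request.
func (r roleService) RecoverPassword(ctx context.Context, username string, organization string) error {
	// url.PathEscape leaves dots alone, so dot segments (and the empty
	// segment) are refused explicitly.
	switch username {
	case "", ".", "..":
		return fmt.Errorf("recover password: invalid username %q", username)
	}

	client, err := r.BSLClient.WithBackendOrgAccessKey(ctx, organization)
	if err != nil {
		return err
	}

	req := types.RecoverPasswordRequest{
		ResetURL:   r.BSPConfig.ResetURL,
		TokenParam: tokenParam,
	}

	// NOTE(review): assumes the BSL client sends the path as given; confirm
	// it does not percent-encode the path a second time.
	return client.SetPayload(req).Post(fmt.Sprintf(recoverPassword, url.PathEscape(username)))
}

// NewRoleService returns a RoleService backed by cl that uses BSPConfig for
// the password-recovery reset URL.
func NewRoleService(BSPConfig types.BSPConfig, cl *bsl.Client) RoleService {
	return &roleService{
		BSPConfig: BSPConfig,
		BSLClient: cl,
	}
}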