package handlers

import (
	"errors"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"

	"edge-infra.dev/pkg/edge/api/middleware"
	"edge-infra.dev/pkg/edge/auth-proxy/utils"
)

var (
	ErrEmptyBSLTokenResponse = errors.New("no response received or bsl token empty")
)

// Okta Token handler that updates the session with new token from bsl.
func (h ProxyHandler) SessionRefresh(req *http.Request, body []byte) (*http.Request, []byte, error) {
	respBody, err := utils.GetGraphqlResponse(body)
	if err != nil {
		h.log.Error(err, "failed to unmarshal client response")
		h.c.JSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error"})
		return req, body, err
	}
	var resp struct{ SessionRefresh string }
	if err := utils.Unpack(respBody.Data, &resp); err != nil {
		h.log.Error(err, "failed to unpack response")
		h.c.JSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error"})
		return req, body, err
	}
	if resp.SessionRefresh == "" {
		return req, body, ErrEmptyBSLTokenResponse
	}
	usr, err := middleware.ValidateAndGetUser(resp.SessionRefresh, h.tokenSecret)
	if err != nil {
		h.log.Error(err, "failed to validate user token")
		h.c.JSON(http.StatusInternalServerError, gin.H{"message": "Internal Server Error"})
		return req, body, err
	}
	h.session.Set("token", usr.Token)
	h.session.Set("refresh_token", usr.RefreshToken)
	h.session.Set("expires_on", time.Now().UTC().Add(h.sessionDuration))
	return req, body, h.session.Save()
}