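package clientctl

import (
	"context"
	"fmt"
	"reflect"

	api "edge-infra.dev/pkg/edge/iam/api/v1alpha1"
	"github.com/gofrs/uuid"
	"github.com/ory/x/randx"
	apiv1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	ctrl "sigs.k8s.io/controller-runtime"
	logger "sigs.k8s.io/controller-runtime/pkg/log"
)

// reconcileClientSecret ensures the Secret named by client.Spec.SecretName
// exists in the Client's namespace, creating it when it is absent.
//
// On success it returns the Client unchanged and the Secret. On failure the
// returned Client is marked NotReady with the condition for the step that
// failed (lookup or creation) and the error is returned so the caller can
// requeue.
func (r *ClientReconciler) reconcileClientSecret(ctx context.Context, req ctrl.Request, client api.Client) (api.Client, *apiv1.Secret, error) {
	secret, err := clientSecretExists(ctx, req, r.Client, client.Spec.SecretName)
	if err != nil {
		return api.MarkNotReady(client, ClientSecretExistFailure, err.Error()), nil, err
	}

	if secret != nil {
		// An existing Secret with this name is adopted as-is. Before reporting the
		// client as usable, require the credential keys this controller writes to
		// be present and non-empty; a hand-created or partially written Secret
		// must not surface as a ready client with empty credentials.
		// NOTE(review): ownership is not verified here — any pre-existing Secret
		// of this name in the namespace is used regardless of who created it.
		// Confirm whether clientSecretExists checks the owner reference; if not,
		// consider rejecting Secrets that are not controlled by this Client.
		for _, key := range []string{"client_id", "client_secret"} {
			if len(secret.Data[key]) == 0 {
				err := fmt.Errorf("existing client secret '%v' is missing key %q", client.Spec.SecretName, key)
				return api.MarkNotReady(client, ClientSecretExistFailure, err.Error()), nil, err
			}
		}
		return client, secret, nil
	}

	// Not found: generate fresh credentials and persist them.
	created, err := r.createSecret(ctx, client)
	if err != nil {
		return api.MarkNotReady(client, ClientSecretCreationFailure, err.Error()), nil, err
	}
	return client, created, nil
}

// ownerRef builds the owner reference list that ties a generated Secret to its
// Client so the Secret is garbage-collected with the Client. NewControllerRef
// marks the reference as the controlling owner.
func (r *ClientReconciler) ownerRef(client *api.Client) []metav1.OwnerReference {
	// Derive the kind from the Go type name so it cannot drift from the API type.
	kind := reflect.TypeOf(api.Client{}).Name()
	return []metav1.OwnerReference{
		*metav1.NewControllerRef(client, api.GroupVersion.WithKind(kind)),
	}
}

// createSecret generates a random client_id (UUID v4) and client_secret and
// stores them in a new Secret named client.Spec.SecretName in the Client's
// namespace, owned by the Client.
//
// Returns the created Secret, or an error if credential generation or the API
// create call fails. Credential values are never logged.
func (r *ClientReconciler) createSecret(ctx context.Context, client api.Client) (*apiv1.Secret, error) {
	log := logger.FromContext(ctx)

	// 26 runes from the 66-rune secretCharSet gives roughly 157 bits of entropy.
	const secretLength = 26

	// Both generators depend on the system CSPRNG. A failure must abort the
	// reconcile rather than persist a zero UUID or an empty client_secret, which
	// is what discarding these errors would have done.
	generatedID, err := uuid.NewV4()
	if err != nil {
		return nil, fmt.Errorf("generating client id for secret '%v': %w", client.Spec.SecretName, err)
	}
	generatedSecret, err := generateSecret(secretLength)
	if err != nil {
		return nil, fmt.Errorf("generating client secret '%v': %w", client.Spec.SecretName, err)
	}

	secret := apiv1.Secret{
		ObjectMeta: metav1.ObjectMeta{
			Name:            client.Spec.SecretName,
			Namespace:       client.Namespace,
			OwnerReferences: r.ownerRef(&client),
		},
		Data: map[string][]byte{
			"client_id":     []byte(generatedID.String()),
			"client_secret": generatedSecret,
		},
	}

	if err := r.Create(ctx, &secret); err != nil {
		// Wrap instead of dropping the API error so callers can distinguish, for
		// example, an AlreadyExists from a concurrent reconcile.
		return nil, fmt.Errorf("failed to create client secret name '%v': %w", client.Spec.SecretName, err)
	}

	// Only the Secret name is logged; the generated credentials are not.
	log.Info("client secret created successfully", "name", client.Spec.SecretName)
	return &secret, nil
}

// secretCharSet is the alphabet client secrets are drawn from: ASCII letters,
// digits and the URL-safe punctuation "_-.~" (66 runes, all single-byte UTF-8).
var secretCharSet = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_-.~")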
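// generateSecret returns length runes drawn at random from secretCharSet,
// encoded as bytes. Every rune in secretCharSet is ASCII, so the result is
// exactly length bytes long.
//
// randx.RuneSequence is relied on for the randomness source; it is expected to
// use crypto/rand (confirm against the vendored version before trusting this
// for credential generation). A non-positive length is rejected up front: a
// negative value would panic inside the generator and zero would silently
// yield an empty credential.
func generateSecret(length int) ([]byte, error) {
	if length <= 0 {
		return nil, fmt.Errorf("secret length must be positive, got %d", length)
	}
	runes, err := randx.RuneSequence(length, secretCharSet)
	if err != nil {
		return nil, err
	}
	// Defensive: never hand back a shorter-than-requested secret.
	if len(runes) != length {
		return nil, fmt.Errorf("secret generator returned %d runes, want %d", len(runes), length)
	}
	return []byte(string(runes)), nil
}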