package oauth2

import (
	"errors"

	"github.com/gin-gonic/gin"
	"github.com/gorilla/sessions"
)

func getChallenge(ctx *gin.Context) (string, bool) {
	return ctx.GetQuery("challenge")
}

func getContinuation(session *sessions.Session) (string, bool) {
	//https://go.dev/play/p/C0JFsFV6CVa -- Please check the code
	continuation, ok := session.Values["continuation"].(string)
	return continuation, ok
}

func getClientID(session *sessions.Session) (string, bool) {
	//https://go.dev/play/p/C0JFsFV6CVa -- Please check the code
	clientID, ok := session.Values["client_id"].(string)
	return clientID, ok
}

func ValidateChallenge(ctx *gin.Context, givenClientID string, session *sessions.Session) error {
	givenChallenge, wasGivenChallenge := getChallenge(ctx)
	sessionChallenge, haveContinuationInSession := getContinuation(session)
	sessionClientID, haveClientIDInSession := getClientID(session)

	if wasGivenChallenge && !haveContinuationInSession {
		return errors.New("dont have a matchting continuation in storage")
	}

	if wasGivenChallenge && !haveClientIDInSession {
		return errors.New("if you we're challenged, i need to know you")
	}

	if wasGivenChallenge && (givenClientID != sessionClientID) {
		return errors.New("not the right client")
	}

	if wasGivenChallenge && (givenChallenge != sessionChallenge) {
		return errors.New("challenge mismatch")
	}

	if !wasGivenChallenge && haveContinuationInSession {
		return errors.New("you need to challenge me")
	}

	return nil
}