package oauth2

import (
	"context"
	"encoding/json"
	"errors"

	"github.com/ory/fosite/token/jwt"

	"edge-infra.dev/pkg/edge/iam/profile"
)

type UserInfo struct {
	JWTStrategy *jwt.RS256JWTStrategy
	profile.Storage
}

func NewUserInfo(jwtStrategy *jwt.RS256JWTStrategy, storage profile.Storage) *UserInfo {
	return &UserInfo{
		JWTStrategy: jwtStrategy,
		Storage:     storage,
	}
}

func (u *UserInfo) ValidateAccessToken(ctx context.Context, token string) error {
	_, err := u.JWTStrategy.Validate(ctx, token)
	return err
}

func (u *UserInfo) GetSubject(ctx context.Context, token string) (string, error) {
	decoded, err := u.JWTStrategy.Decode(ctx, token)
	if err != nil {
		return "", err
	}
	return decoded.Claims["sub"].(string), nil
}

func (u *UserInfo) GetIdentityClaims(ctx context.Context, subject string) (map[string]interface{}, error) {
	profile, err := u.GetIdentityProfile(ctx, subject)
	if err != nil {
		return nil, err
	}
	if profile == nil {
		return nil, errors.New("profile doesn't exist for requested user")
	}
	var profileMap map[string]interface{}
	profileBytes, err := json.Marshal(profile)
	if err != nil {
		return nil, err
	}
	err = json.Unmarshal(profileBytes, &profileMap)
	if err != nil {
		return nil, err
	}
	delete(profileMap, "rls")
	delete(profileMap, "org")
	delete(profileMap, "last_updated")
	delete(profileMap, "alias")
	return profileMap, nil
}