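package session

import (
	"time"

	"edge-infra.dev/pkg/edge/iam/config"
	"github.com/mohae/deepcopy"
	"github.com/ory/fosite"
	"github.com/ory/fosite/handler/oauth2"
	"github.com/ory/fosite/handler/openid"
	"github.com/ory/fosite/token/jwt"
)

// idTokenLifetime is the validity window NewSession writes into the ID token's
// "exp" claim. It is unrelated to the access/refresh token lifetimes fosite
// sets later through SetExpiresAt, so the two can drift apart by policy.
const idTokenLifetime = 6 * time.Hour

// Session is the view of a fosite session used by the IAM handlers: subject
// management, the custom access-token claims (org, rls, challenge) and the
// profile claims placed on the ID token.
type Session interface {
	GetSubject() string
	SetSubject(subject string)
	SetChallenge(challenge string)
	SetOrg(value string)
	SetRls(value string)
	SetGivenName(value string)
	SetFamilyName(value string)
	SetFullName(value string)
	SetDeviceLogin(value string)
	SetEmail(value string)
	SetAge(value int)
	SetAddress(address map[string]interface{})
	AsFosite() fosite.Session
	AsOpenID() openid.DefaultSession
}

// DefaultSession is the concrete Session. It embeds fosite's JWT access-token
// session and its OpenID session side by side. Both embedded structs export
// the same member names (Subject, Username, ExpiresAt, GetSubject,
// SetExpiresAt, ...), so every promoted member would be ambiguous; the
// forwarding methods below resolve that explicitly and route the fosite
// lifecycle calls to the JWTSession half.
//
// The embedded fosite.Session interface is never assigned and stays nil. Any
// interface method that is not implemented explicitly on *DefaultSession would
// resolve to that nil value and panic when called, so keep the explicit
// forwarders complete (the compile-time checks below catch a missing one).
type DefaultSession struct {
	oauth2.JWTSession
	openid.DefaultSession
	fosite.Session
}

// Compile-time interface checks.
var (
	_ Session        = (*DefaultSession)(nil)
	_ fosite.Session = (*DefaultSession)(nil)
)

// type AuthorizeSession struct {
// 	method string
// 	reason string
// 	continuation string
// 	org string
// 	rls string
// }

// FromRequester extracts the IAM Session attached to an access request.
// It returns nil when the requester carries no session or a session of a
// different type, instead of panicking inside the request path; callers must
// check for nil before use.
func FromRequester(requester fosite.AccessRequester) Session {
	s, ok := requester.GetSession().(Session)
	if !ok {
		return nil
	}
	return s
}

// newHeaders returns a JOSE header set carrying the configured signing key id,
// so verifiers can pick the matching public key.
func newHeaders() *jwt.Headers {
	h := jwt.NewHeaders()
	h.Add("kid", config.PrivateKeyID())
	return h
}

// NewSession builds a session for subject with issuer, signing key id and
// organisation taken from config. The access-token claims start with an empty
// "rls" and the configured org name; the ID token gets a fresh set of
// timestamps and expires after idTokenLifetime. Profile claims (name, email,
// ...) are added afterwards through the Set* methods.
func NewSession(subject string) *DefaultSession {
	// One timestamp so iat, auth_time and rat agree exactly.
	now := time.Now()

	// Access token and ID token each get their own header object. Sharing one
	// *jwt.Headers between them meant a header added to one token silently
	// appeared on the other (and Clone already produced two copies anyway).
	return &DefaultSession{
		JWTSession: oauth2.JWTSession{
			Subject:   subject,
			JWTHeader: newHeaders(),
			JWTClaims: &jwt.JWTClaims{
				Issuer:  config.Issuer(),
				Subject: subject,
				Extra: map[string]interface{}{
					"rls": "",
					// The org name is the closest value available today; the
					// claim is meant to carry the org's fully-qualified name.
					"org": config.OrganizationName(),
				},
			},
		},
		DefaultSession: openid.DefaultSession{
			Claims: &jwt.IDTokenClaims{
				Issuer:      config.Issuer(),
				Subject:     subject,
				Audience:    []string{},
				ExpiresAt:   now.Add(idTokenLifetime),
				IssuedAt:    now,
				RequestedAt: now,
				AuthTime:    now,
				Extra:       make(map[string]interface{}),
			},
			Headers: newHeaders(),
		},
	}
}

// AsFosite exposes the session under the interface fosite's handlers expect.
func (s *DefaultSession) AsFosite() fosite.Session {
	return s
}

// AsOpenID returns the embedded OpenID session by value. The copy still shares
// the Claims and Headers pointers with s, so claim edits made through it are
// visible on s; it is not an isolated snapshot.
func (s *DefaultSession) AsOpenID() openid.DefaultSession {
	return s.DefaultSession
}

// SetExpiresAt records the expiry for a token type on the access-token
// session; the OpenID session's own ExpiresAt map is not used.
func (s *DefaultSession) SetExpiresAt(key fosite.TokenType, exp time.Time) {
	s.JWTSession.SetExpiresAt(key, exp)
}

// GetExpiresAt reads the expiry for a token type from the access-token session.
func (s *DefaultSession) GetExpiresAt(key fosite.TokenType) time.Time {
	return s.JWTSession.GetExpiresAt(key)
}

// GetUsername returns the username held by the access-token session.
func (s *DefaultSession) GetUsername() string {
	return s.JWTSession.Username
}

// GetSubject returns the subject held by the access-token session.
func (s *DefaultSession) GetSubject() string {
	return s.JWTSession.Subject
}

// SetSubject rewrites the subject everywhere it is carried: both session
// structs and both claim sets, so the access token and the ID token cannot
// disagree. Requires non-nil JWTClaims and Claims, which NewSession
// guarantees.
func (s *DefaultSession) SetSubject(subject string) {
	s.JWTSession.Subject = subject
	s.JWTSession.JWTClaims.Subject = subject
	s.DefaultSession.Subject = subject
	s.DefaultSession.Claims.Subject = subject
}

// SetChallenge stores the challenge value as a custom access-token claim.
// JWTClaims.Add allocates the Extra map when needed, so the separate map
// write the original did is unnecessary.
func (s *DefaultSession) SetChallenge(value string) {
	s.JWTClaims.Add("challenge", value)
}

// GetChallenge returns the value stored by SetChallenge, or "" when no
// challenge is present or it is not a string. (The previous unchecked type
// assertion panicked on a missing claim.)
func (s *DefaultSession) GetChallenge() string {
	if s.JWTClaims == nil {
		return ""
	}
	v, _ := s.JWTClaims.Extra["challenge"].(string)
	return v
}

// Clone returns a deep copy of the session, as fosite requires. deepcopy is
// reflection based and copies both claim sets and header sets; the nil
// embedded fosite.Session stays nil.
func (s *DefaultSession) Clone() fosite.Session {
	return deepcopy.Copy(s).(fosite.Session)
}

// IDTokenClaims returns the ID token claims of the OpenID session.
func (s *DefaultSession) IDTokenClaims() *jwt.IDTokenClaims {
	return s.DefaultSession.IDTokenClaims()
}

// IDTokenHeaders returns the ID token JOSE headers of the OpenID session.
func (s *DefaultSession) IDTokenHeaders() *jwt.Headers {
	return s.DefaultSession.IDTokenHeaders()
}

// SetOrg sets the "org" claim on the access token only; the ID token is left
// untouched.
func (s *DefaultSession) SetOrg(value string) {
	s.JWTClaims.Add("org", value)
}

// SetRls sets the "rls" claim on the access token only; the ID token is left
// untouched.
func (s *DefaultSession) SetRls(value string) {
	s.JWTClaims.Add("rls", value)
}

// idTokenExtra returns the ID token's extra-claims map, allocating it when it
// is nil. A plain index assignment on a nil map panics, and the map can be nil
// on a session that was not built by NewSession (e.g. presumably after a
// round trip through a store that drops empty maps — confirm against the
// storage layer). Requires a non-nil Claims.
func (s *DefaultSession) idTokenExtra() map[string]interface{} {
	c := s.DefaultSession.Claims
	if c.Extra == nil {
		c.Extra = make(map[string]interface{})
	}
	return c.Extra
}

// setIDTokenString sets a string claim on the ID token, skipping empty values
// so absent profile data never produces an empty-string claim.
func (s *DefaultSession) setIDTokenString(key, value string) {
	if value == "" {
		return
	}
	s.idTokenExtra()[key] = value
}

// SetGivenName sets the user's given name ("given_name") on the ID token
// claims; empty values are ignored.
func (s *DefaultSession) SetGivenName(value string) {
	s.setIDTokenString("given_name", value)
}

// SetFamilyName sets the user's family name ("family_name") on the ID token
// claims; empty values are ignored.
func (s *DefaultSession) SetFamilyName(value string) {
	s.setIDTokenString("family_name", value)
}

// SetFullName sets the user's full name ("name") on the ID token claims;
// empty values are ignored.
func (s *DefaultSession) SetFullName(value string) {
	s.setIDTokenString("name", value)
}

// SetAge sets the user's age ("age") on the ID token claims. Non-positive
// values are ignored (nobody under one year of age is expected to sign in).
func (s *DefaultSession) SetAge(value int) {
	if value <= 0 {
		return
	}
	s.idTokenExtra()["age"] = value
}

// SetDeviceLogin sets the user's device login ("device_login") on the ID token
// claims; empty values are ignored.
func (s *DefaultSession) SetDeviceLogin(value string) {
	s.setIDTokenString("device_login", value)
}

// SetEmail sets the user's e-mail ("email") on the ID token claims; empty
// values are ignored.
func (s *DefaultSession) SetEmail(value string) {
	s.setIDTokenString("email", value)
}

// SetAddress sets the user's address ("address") on the ID token claims.
// An empty map is ignored. The map is stored by reference, not copied, so
// later mutations by the caller end up in the issued token.
func (s *DefaultSession) SetAddress(address map[string]interface{}) {
	if len(address) == 0 {
		return
	}
	s.idTokenExtra()["address"] = address
}

// SetExtra sets an arbitrary string claim on the access token. The key is
// written verbatim, so callers must only pass fixed, trusted claim names —
// never a name taken from a client or user request — and must not use it for
// registered claims (sub, iss, aud, exp, ...) or for the claims that have
// dedicated setters above. Add allocates the Extra map when needed.
func (s *DefaultSession) SetExtra(key, value string) {
	s.JWTClaims.Add(key, value)
}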