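// nolint:dupl
package database

import (
	"context"
	"encoding/json"
	"fmt"

	"github.com/go-redis/redis"
	"github.com/ory/fosite"
	"github.com/pkg/errors"

	"edge-infra.dev/pkg/edge/iam/client"
	"edge-infra.dev/pkg/edge/iam/config"
	"edge-infra.dev/pkg/edge/iam/crypto"
	"edge-infra.dev/pkg/edge/iam/log"
	"edge-infra.dev/pkg/edge/iam/storage"
)

// CreateAccessTokenSession stores an access token session in Redis.
//
// Two entries are written, both with the configured access token TTL:
//   - the session itself, keyed by KeyPrefixAccessToken + signature;
//   - an index entry keyed by KeyPrefixAccessTokenReq + request ID whose value
//     is the signature (encrypted first when config.EncryptionEnabled()).
//
// Any encryption or Redis failure is returned wrapped with context. The
// "access token created" log line is emitted only after both writes succeed,
// so it is not recorded for a token that was never persisted.
func (s *Store) CreateAccessTokenSession(ctx context.Context, signature string, request fosite.Requester) (err error) {
	// Local names deliberately avoid shadowing the imported log and client
	// packages.
	logger := log.Get(ctx)

	tokenKey := keyFrom(KeyPrefixAccessToken, signature)
	r := storage.ToStorage(signature, request)

	// Only the masked form of the request is logged.
	// NOTE(review): what ToMaskedRequest redacts is defined in the storage
	// package and is not visible here; confirm it covers every secret field.
	masked := r.ToMaskedRequest(ctx)
	maskedJSON, marshalErr := json.Marshal(masked)
	if marshalErr != nil {
		// Logging is best-effort: a marshal failure must not block token
		// creation, but it should not pass unnoticed either.
		logger.Info("failed to marshal masked access token request", "error", marshalErr)
	}

	// Compute the index value before touching Redis, so an encryption failure
	// cannot leave a session entry behind without its request-ID index.
	indexValue := signature
	if config.EncryptionEnabled() {
		indexValue, err = crypto.EncryptRedis([]byte(signature), config.EncryptionKey())
		if err != nil {
			return errors.Wrap(err, "failed to encrypt access token signature")
		}
	}

	ttl := config.GetAccessTokenTTL()

	if err = s.set(tokenKey, r, ttl); err != nil {
		return errors.Wrap(err, "failed to create access token session")
	}

	// NOTE(review): if this second write fails, the session entry written
	// above stays in Redis until its TTL expires but has no request-ID index.
	// Confirm that revocation by request ID tolerates that state.
	tokenReqKey := keyFrom(KeyPrefixAccessTokenReq, request.GetID())
	if err = s.RedisDB.Set(tokenReqKey, indexValue, ttl).Err(); err != nil {
		return errors.Wrap(err, "failed to create access token request")
	}

	// The client name is used for logging only, so an unexpected or nil client
	// type must not panic the token-issuing path.
	clientName := ""
	if c, ok := request.GetClient().(*client.Client); ok && c != nil {
		clientName = c.GetName()
	}
	logger.Info("access token created", "request", string(maskedJSON), "client CR", clientName)

	return nil
}

// GetAccessTokenSession loads the access token session stored under the given
// signature and converts it back into a fosite.Requester.
//
// It returns fosite.ErrNotFound (with a stack trace attached) when Redis has
// no entry for the key, which includes entries that have expired under the
// TTL set at creation time. Any other lookup error is returned with a stack
// trace attached; errors from the client lookup and from the conversion are
// returned unchanged.
func (s *Store) GetAccessTokenSession(ctx context.Context, signature string, session fosite.Session) (request fosite.Requester, err error) {
	key := keyFrom(KeyPrefixAccessToken, signature)

	req, err := s.get(key)
	switch {
	case err == redis.Nil:
		// A missing key is reported as fosite's not-found error so callers
		// can tell it apart from a storage failure.
		return nil, errors.WithStack(fosite.ErrNotFound)
	case err != nil:
		return nil, errors.WithStack(err)
	}

	// Transform to a fosite.Request: the stored request carries only the
	// client ID, so the client is resolved first.
	iamClient, err := s.GetIAMClient(ctx, req.ClientID)
	if err != nil {
		s.Log.Info("failed to get client in db", "error", err, "id", req.ClientID)
		return nil, err
	}

	request, err = req.ToFositeRequest(ctx, session, iamClient)
	if err != nil {
		// NOTE(review): the failure is logged only when it is exactly
		// fosite.ErrNotFound; other conversion errors are returned silently.
		// Confirm that this is intended.
		if err == fosite.ErrNotFound {
			s.Log.Info("failed to transform a fosite session to a fosite request.", "error", err)
		}
		return nil, err
	}

	return request, nil
}

// DeleteAccessTokenSession removes the session entry stored under
// KeyPrefixAccessToken + signature.
//
// The request-ID index entry written by CreateAccessTokenSession is not
// removed here; it is left to expire with its own TTL.
//
// The returned error message contains the full Redis key, which embeds the
// token signature, so treat that message as sensitive wherever it is logged.
func (s *Store) DeleteAccessTokenSession(_ context.Context, signature string) (err error) {
	key := keyFrom(KeyPrefixAccessToken, signature)

	err = s.RedisDB.Del(key).Err()
	if err != nil {
		return errors.Wrap(err, fmt.Sprintf("failed to delete key '%v'", key))
	}

	return nil
}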