package authz

import (
	"context"
	"git.itzana.me/StrafesNET/dev-service/pkg/datastore"
	"git.itzana.me/StrafesNET/dev-service/pkg/model"
	"git.itzana.me/strafesnet/go-grpc/auth"
	"google.golang.org/protobuf/types/known/emptypb"
)

// ValidateSessionID validates a session ID and returns validation result
func (s *Service) ValidateSessionID(ctx context.Context, sessionID string) (bool, error) {
	// Call the gRPC service at the boundary
	resp, err := s.authClient.ValidateSession(ctx, &auth.IdMessage{SessionID: sessionID})
	if err != nil {
		return false, err
	}

	// Convert from gRPC to domain model
	return resp.Valid, nil
}

// GetUserRoles retrieves roles for a user from a session
func (s *Service) GetUserRoles(ctx context.Context, sessionID string) ([]model.UserRole, error) {
	// Call the gRPC service at the boundary
	resp, err := s.authClient.GetGroupRole(ctx, &auth.IdMessage{SessionID: sessionID})
	if err != nil {
		return nil, err
	}

	// Convert from gRPC to domain model
	var roles []model.UserRole
	for _, role := range resp.Roles {
		roles = append(roles, model.UserRole{
			ID:          role.ID,
			DisplayName: role.DisplayName,
			Rank:        role.Rank,
		})
	}

	return roles, nil
}

// GetOrCreateUserFromSession retrieves user information from a session ID and ensures the user exists in the local datastore
func (s *Service) GetOrCreateUserFromSession(ctx context.Context, sessionID string) (*model.User, error) {
	// Call the gRPC service at the boundary
	resp, err := s.authClient.GetSessionUser(ctx, &auth.IdMessage{SessionID: sessionID})
	if err != nil {
		return nil, err
	}

	// Find the user in our datastore
	user, err := s.store.GetUser(ctx, resp.UserID)
	if err != nil {
		// User doesn't exist, create a new one
		newUser := &model.User{
			ID:          resp.UserID,
			Username:    resp.Username,
			Active:      true,
			RateLimitID: datastore.GetDefaultRateLimitID(),
		}

		err = s.store.CreateUser(ctx, newUser)
		if err != nil {
			return nil, err
		}
		return newUser, nil
	}

	return user, nil
}

// GetUserAuthProfile retrieves the raw user from the auth rpc
func (s *Service) GetUserAuthProfile(ctx context.Context, sessionID string) (*auth.SessionUserResponse, error) {
	resp, err := s.authClient.GetSessionUser(ctx, &auth.IdMessage{SessionID: sessionID})
	if err != nil {
		return nil, err
	}
	return resp, nil
}

// GetAuthMetadata retrieves auth url metadata
func (s *Service) GetAuthMetadata(ctx context.Context) (*auth.AuthMetadataResponse, error) {
	return s.authClient.GetAuthMetadata(ctx, &emptypb.Empty{})
}

// GetLoginUrl Gets the full URL to login
func (s *Service) GetLoginUrl(ctx context.Context) (string, error) {
	metadata, err := s.authClient.GetAuthMetadata(ctx, &emptypb.Empty{})
	if err != nil {
		return "", err
	}

	// Combine the login URL with the redirect parameter set to s.domain
	return metadata.LoginURL + "?redirect=" + s.domain, nil
}