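package middlewares

import (
	"net/http"
	"strings"
	"system-trace/core/constants"
	"system-trace/core/database"
	"system-trace/core/modules/auth"
	"system-trace/core/types"
	"system-trace/core/utils"

	"github.com/gofiber/fiber/v2"
)

// ValidateSession is a Fiber middleware that gates a route behind the
// access/refresh token pair carried in the request cookies.
//
// Cookies that cannot be parsed into types.PairTokens answer 400; a pair that
// fails validatePair answers 403 with constants.UNAUTHORIZED. On success the
// caller's user ID is available as c.Locals("userID") and the chain continues
// with c.Next().
func ValidateSession(c *fiber.Ctx) error {
	p := new(types.PairTokens)
	if err := c.CookieParser(p); err != nil {
		return c.Status(http.StatusBadRequest).JSON(fiber.Map{
			"error": err.Error(),
		})
	}
	if !validatePair(c, p) {
		return c.Status(http.StatusForbidden).JSON(fiber.Map{
			"error": constants.UNAUTHORIZED,
		})
	}
	return c.Next()
}

// validatePair reports whether the cookie-supplied token pair identifies a
// live session, storing the resolved user ID in c.Locals("userID") when it
// does.
//
// Exactly two outcomes accept the request: the access token verifies, carries
// constants.JWT_APP_ISS as issuer and an int32 "sub" claim; or the access token
// has expired and refreshPair rotates the pair. Every other verification
// failure — bad signature, malformed token, foreign issuer, unexpected claim
// type — is rejected outright and is never routed through the refresh path.
// (The previous version took the refresh path on any non-expiry error or
// issuer mismatch, and then unconditionally re-read claims["sub"] afterwards,
// which both overwrote the refreshed user ID and panicked on a nil claims map.)
func validatePair(c *fiber.Ctx, p *types.PairTokens) bool {
	if len(p.AccessToken) == 0 || len(p.RefreshToken) == 0 {
		return false
	}

	claims, err := utils.ValidateJWT(p.AccessToken)
	switch {
	case err == nil:
		if claims["iss"] != constants.JWT_APP_ISS {
			return false
		}
		// NOTE(review): the original asserted int32 without a check, which
		// panics on a nil map or a differently typed claim; confirm that
		// utils.ValidateJWT really yields an int32 "sub" here rather than
		// the float64 a generic JSON decode would produce.
		userID, ok := claims["sub"].(int32)
		if !ok {
			return false
		}
		c.Locals("userID", userID)
		return true
	case strings.Contains(err.Error(), "token is expired"):
		// Only expiry is eligible for refresh. The match is on the error
		// text because utils.ValidateJWT exposes no sentinel error here.
		return refreshPair(c, p)
	default:
		return false
	}
}

// refreshPair handles an expired access token: it verifies the refresh token,
// binds it to the presented access token, confirms the pair is the one on
// record, revokes that pair and issues a new one via
// auth.GeneratePairAndSetCookie. On success the user ID from the stored pair
// is placed in c.Locals("userID"). It reports false on any failure.
func refreshPair(c *fiber.Ctx, p *types.PairTokens) bool {
	rclaims, err := utils.ValidateJWT(p.RefreshToken)
	if err != nil {
		// An expired or otherwise invalid refresh token ends the session.
		return false
	}
	// The refresh token's "sub" is the access token it was minted alongside;
	// a mismatch means the two cookies do not belong together.
	if rclaims["sub"] != p.AccessToken {
		return false
	}

	pt, err := database.GetPairOfTokens(p)
	if err != nil {
		return false
	}
	// Revoke before issuing: if issuance then fails, the old pair is already
	// unusable, so the flow fails closed instead of leaving a replayable pair.
	if err := database.RevokePairOfTokens(p); err != nil {
		return false
	}
	if err := auth.GeneratePairAndSetCookie(c, pt.UserID); err != nil {
		return false
	}
	c.Locals("userID", pt.UserID)
	return true
}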