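// Package service implements access-key operations (issue, validate, delete)
// on top of the database and security packages.
package service

import (
	"strings"
	"time"

	"gorm.io/gorm"

	"orbits-server/internal/server/api/assets"
	"orbits-server/internal/server/database"
	"orbits-server/internal/shared/security"
)

const (
	// accessKeyLen is the length requested from security.GenerateChars for a
	// newly issued key secret.
	accessKeyLen = 32
)

// KeyService issues, validates and deletes access keys stored via the
// database package.
type KeyService struct {
	db *gorm.DB
}

// NewKeyService returns a KeyService that uses db for all key storage.
func NewKeyService(db *gorm.DB) *KeyService {
	return &KeyService{
		db: db,
	}
}

// Create generates a new key secret, stores a record built from its hash,
// name and expiresAt, and returns the record's metadata together with the
// plaintext secret.
//
// Only the hash is handed to the database layer; the plaintext secret exists
// solely in the returned KeyResponse, so callers should hand it to the
// requester once and keep it out of logs and persistent storage.
//
// On any failure the zero KeyResponse and the underlying error are returned.
func (s *KeyService) Create(name string, expiresAt time.Time) (assets.KeyResponse, error) {
	// NOTE(review): the strength of the key depends on GenerateChars drawing
	// from a CSPRNG (crypto/rand) — not visible from this file, confirm.
	keyContent := security.GenerateChars(accessKeyLen)

	hash, err := security.HashKey(keyContent)
	if err != nil {
		return assets.KeyResponse{}, err
	}

	// NOTE(review): name and expiresAt are passed through unchecked at this
	// layer; confirm BuildKeyRecord (or the handler) rejects empty names and
	// expiry times in the past.
	keyRecord, err := database.BuildKeyRecord(hash, name, expiresAt)
	if err != nil {
		return assets.KeyResponse{}, err
	}

	if err := database.CreateKey(s.db, &keyRecord); err != nil {
		return assets.KeyResponse{}, err
	}

	keyResponse := assets.KeyResponse{
		ID:        keyRecord.ID,
		MetaName:  keyRecord.MetaName,
		KeyID:     keyRecord.KeyID,
		KeySecret: keyContent, // plaintext secret, returned only here
		CreatedAt: keyRecord.CreatedAt,
		UpdatedAt: keyRecord.UpdatedAt,
		ExpiresAt: keyRecord.ExpiresAt,
	}
	return keyResponse, nil
}

// Validate reports whether token is a currently valid access key.
//
// token must have the form "<keyID>.<secret>", split at the first '.'.
// Validation fails closed: a malformed token, an empty keyID or secret, a
// failed lookup, a revoked or expired key, or a secret that does not match
// the stored hash all yield false.
func (s *KeyService) Validate(token string) bool {
	parts := strings.SplitN(token, ".", 2)
	if len(parts) != 2 {
		return false
	}
	keyID, secret := parts[0], parts[1]

	// Reject empty components before touching the database. Depending on how
	// FindKeyByKeyID builds its query, an empty identifier may not filter at
	// all (gorm ignores zero-valued fields in struct conditions) and could
	// select an arbitrary record.
	if keyID == "" || secret == "" {
		return false
	}

	key, err := database.FindKeyByKeyID(s.db, keyID)
	if err != nil {
		return false
	}

	if key.Revoked || time.Now().After(key.ExpiresAt) {
		return false
	}

	// NOTE(review): confirm CompareKey verifies the secret against the hash
	// in constant time (or through the hash scheme's own verify function).
	return security.CompareKey(key.KeyHash, secret)
}

// DeleteByName removes the key identified by name.
//
// An empty name is rejected with gorm.ErrRecordNotFound before any lookup, so
// that an unfiltered query cannot select, and then delete, an unrelated key.
// Errors from the lookup and from the delete are returned unchanged.
//
// NOTE(review): despite the method name, the record is looked up with
// database.FindKeyByKeyID, i.e. name is treated as a KeyID rather than as a
// MetaName. Confirm which identifier callers pass.
func (s *KeyService) DeleteByName(name string) error {
	if name == "" {
		return gorm.ErrRecordNotFound
	}

	keyRecord, err := database.FindKeyByKeyID(s.db, name)
	if err != nil {
		return err
	}

	if err := database.DeleteKeyByID(s.db, keyRecord.ID); err != nil {
		return err
	}
	return nil
}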