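using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.IdentityModel.Tokens;
using Modules.User.Application.Settings;
using Modules.User.Domain.Gateways;

namespace Modules.User.Application;

/// <summary>
/// Issues the two credentials used by the user module: opaque refresh tokens
/// and HMAC-SHA256 signed JWT access tokens.
/// </summary>
public class TokenGenerator : IRefreshTokenGateway
{
    /// <summary>Shortest access-token lifetime that <see cref="GenerateAccessToken"/> accepts.</summary>
    private static readonly TimeSpan MinimumAccessTokenLifetime = TimeSpan.FromSeconds(10);

    /// <summary>Number of random bytes in a refresh token before Base64 encoding.</summary>
    private readonly ushort _length = 128;

    /// <summary>
    /// Creates a new opaque refresh token from the operating system's
    /// cryptographic random number generator.
    /// </summary>
    /// <returns>
    /// The Base64 encoding of 128 random bytes (172 characters). The value is a
    /// bearer secret: it carries no structure or signature of its own.
    /// </returns>
    public string GenerateRefreshToken()
    {
        var randomBytes = new byte[_length];

        // Static Fill draws from the same CSPRNG as RandomNumberGenerator.Create()
        // without allocating and disposing a generator instance per call.
        RandomNumberGenerator.Fill(randomBytes);

        return Convert.ToBase64String(randomBytes);
    }

    /// <summary>
    /// Builds a signed JWT access token that binds an account to a session.
    /// </summary>
    /// <param name="user">User whose <c>Account.Id</c> is written to the account-id claim.</param>
    /// <param name="session">Session whose <c>Id</c> is written to the session-id claim.</param>
    /// <param name="jwtSettings">
    /// Issuer, audience, signing secret and access-token lifetime to apply.
    /// </param>
    /// <returns>The compact serialized JWT, signed with HMAC-SHA256.</returns>
    /// <exception cref="ArgumentNullException">
    /// <paramref name="user"/>, <paramref name="session"/> or <paramref name="jwtSettings"/> is null.
    /// </exception>
    /// <exception cref="ArgumentOutOfRangeException">
    /// <c>jwtSettings.AccessTokenExpireTime</c> is shorter than 10 seconds.
    /// </exception>
    internal string GenerateAccessToken(Domain.Entities.User.User user, Domain.Entities.Account.Session session, JwtSettings jwtSettings)
    {
        if (user is null)
        {
            throw new ArgumentNullException(nameof(user));
        }

        if (session is null)
        {
            throw new ArgumentNullException(nameof(session));
        }

        if (jwtSettings is null)
        {
            throw new ArgumentNullException(nameof(jwtSettings));
        }

        // Exactly 10 seconds is accepted, so the message says "at least"
        // rather than "greater than".
        if (jwtSettings.AccessTokenExpireTime < MinimumAccessTokenLifetime)
        {
            throw new ArgumentOutOfRangeException(
                nameof(jwtSettings),
                "AccessTokenExpireTime must be at least 10 seconds");
        }

        // NOTE(review): the HMAC key is the UTF-8 bytes of a configured string.
        // RFC 7518 section 3.2 requires at least 256 bits of key material for HS256;
        // confirm the configured secret is a high-entropy value of 32 bytes or more
        // and is supplied from a secret store rather than from source control.
        var securityKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.SecurityKey));
        var signingCredentials = new SigningCredentials(securityKey, SecurityAlgorithms.HmacSha256);

        var claims = new List<Claim>
        {
            new(Constants.AccountIdKey, user.Account.Id.ToString() ?? ""),
            new(Constants.SessionIdKey, session.Id.ToString() ?? ""),
        };

        // Expiry is computed in UTC so it does not depend on the host time zone.
        var jwt = new JwtSecurityToken(
            issuer: jwtSettings.Issuer,
            audience: jwtSettings.Audience,
            claims: claims,
            expires: DateTime.UtcNow.Add(jwtSettings.AccessTokenExpireTime),
            signingCredentials: signingCredentials);

        return new JwtSecurityTokenHandler().WriteToken(jwt);
    }
}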