package restutility

import (
	"errors"
	"time"
	"crypto/sha256"
	"crypto/rand"
	"encoding/hex"
	"strings"
	"github.com/dgrijalva/jwt-go"
)

const OneDay  = time.Hour*24
const OneWeek = OneDay*7
const saltSize = 32
const appName  = "korisnicki-centar"
const secret   = "korisnicki-centar-api"

type Token struct {
	TokenString string `json:"token"`
}

type TokenClaims struct {
	Username string `json:"username"`
	Role string     `json:"role"`
	jwt.StandardClaims
}

type CredentialsStruct struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

func GenerateSalt() (string, error) {
	salt := ""
	
	rawsalt := make([]byte, saltSize)
	_, err := rand.Read(rawsalt)
	if err != nil {
		return "", err
	}
	salt = hex.EncodeToString(rawsalt)
	return salt, nil
}

func HashMessage(message string, presalt string) (string, string, error) {
	hash, salt := "", ""
	var err error

	// chech if message is presalted
	if presalt == "" {
		salt, err = GenerateSalt()
		if err != nil {
			return "", "", err
		}
	} else {
		salt = presalt
	}

	// convert strings to raw byte slices
	rawmessage := []byte(message)
	rawsalt, err := hex.DecodeString(salt)
	if err != nil {
		return "", "", err
	}
	rawdata := make([]byte, len(rawmessage) + len(rawsalt))
	rawdata = append(rawdata, rawmessage...)
	rawdata = append(rawdata, rawsalt...)

	// hash message + salt
	hasher := sha256.New()
	hasher.Write(rawdata)
	rawhash := hasher.Sum(nil)
	hash = hex.EncodeToString(rawhash)
	return hash, salt, nil
}

func IssueAPIToken(username, role string) (Token, error) {
	var apiToken Token
	var err error

	if err != nil {
		return Token{}, err
	}

	claims := TokenClaims{
		username,
		role,
		jwt.StandardClaims{
			ExpiresAt: (time.Now().Add(OneWeek)).Unix(),
			Issuer:    appName,
		},
	}

	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	apiToken.TokenString, err = jwtToken.SignedString([]byte(secret))
	if err != nil {
		return Token{}, err
	}
	return apiToken, nil
}

func RefreshAPIToken(tokenString string) (Token, error) {
	var newToken Token
	tokenString = strings.TrimPrefix(tokenString, "Bearer ")
	token, err := parseTokenFunc(tokenString)
	if err != nil {
		return Token{}, err
	}

	// type assertion
	claims, ok := token.Claims.(*TokenClaims)
	if !ok || !token.Valid {
		return Token{}, errors.New("token is not valid")
	}

	claims.ExpiresAt = (time.Now().Add(OneWeek)).Unix()
	jwtToken := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	newToken.TokenString, err = jwtToken.SignedString([]byte(secret))
	if err != nil {
		return Token{}, err
	}

	return newToken, nil
}

func ParseAPIToken(tokenString string) (*TokenClaims, error) {
	if ok := strings.HasPrefix(tokenString, "Bearer"); ok {
		tokenString = strings.TrimPrefix(tokenString, "Bearer ")
	} else {
		return &TokenClaims{}, errors.New("Authorization header is incomplete")
	}

	token, err := parseTokenFunc(tokenString)
	if err != nil {
		return &TokenClaims{}, err
	}

	// type assertion
	claims, ok := token.Claims.(*TokenClaims)
	if !ok || !token.Valid {
		return &TokenClaims{}, errors.New("token is not valid")
	}
	return claims, nil
}

func parseTokenFunc(tokenString string) (*jwt.Token, error) {
	token, err := jwt.ParseWithClaims(tokenString,
		&TokenClaims{},
		func(token *jwt.Token) (interface{}, error) {
			return []byte(secret), nil
		},
	)
	return token, err
}