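using System.Globalization;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Security.Cryptography;
using System.Text;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using WebAppServer1.ApplicationDbContext;
using WebAppServer1.Models;

namespace WebAppServer1.Authentication
{
    /// <summary>
    /// Issues short-lived HS256-signed JWT access tokens and manages the opaque
    /// refresh tokens persisted in <see cref="AppDbContext.Tokens"/>.
    /// </summary>
    /// <remarks>
    /// Configuration keys read: <c>Jwt:Key</c>, <c>Jwt:Issuer</c>, <c>Jwt:Audience</c>,
    /// <c>Jwt:AccessTokenExpirationMinutes</c>, <c>Jwt:RefreshTokenExpirationDays</c>.
    /// Missing or malformed numeric settings now fail fast instead of silently producing
    /// tokens that expire immediately (<c>Convert.ToDouble(null)</c> returned 0).
    /// </remarks>
    public class TokenService
    {
        // RFC 7518 §3.2: an HS256 key MUST be at least as long as the hash output (256 bits).
        private const int MinHmacSha256KeyBytes = 32;

        private readonly IConfiguration _config;
        private readonly AppDbContext pgSql;

        /// <summary>Creates the service over the application configuration and database context.</summary>
        /// <exception cref="ArgumentNullException">Either dependency is <c>null</c>.</exception>
        public TokenService(IConfiguration config, AppDbContext appDbContext)
        {
            _config = config ?? throw new ArgumentNullException(nameof(config));
            pgSql = appDbContext ?? throw new ArgumentNullException(nameof(appDbContext));
        }

        /// <summary>
        /// Builds a signed JWT carrying the user's name, id and a unique <c>jti</c>.
        /// </summary>
        /// <param name="username">Value of the <see cref="ClaimTypes.Name"/> claim.</param>
        /// <param name="userid">Value of the <see cref="ClaimTypes.NameIdentifier"/> claim.</param>
        /// <returns>The compact-serialised token.</returns>
        /// <exception cref="InvalidOperationException">
        /// <c>Jwt:Key</c> or <c>Jwt:AccessTokenExpirationMinutes</c> is missing, or the key is
        /// shorter than 256 bits.
        /// </exception>
        public string GenerateAccessToken(string username, int userid)
        {
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.Name, username),
                new Claim(ClaimTypes.NameIdentifier, userid.ToString(CultureInfo.InvariantCulture)),
                // Unique per token so an individual access token can be identified later.
                new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
            };

            var keyBytes = Encoding.UTF8.GetBytes(RequiredSetting("Jwt:Key"));
            if (keyBytes.Length < MinHmacSha256KeyBytes)
            {
                // A short secret weakens the MAC regardless of what the library accepts.
                throw new InvalidOperationException(
                    $"Jwt:Key must be at least {MinHmacSha256KeyBytes} bytes for HS256.");
            }

            var creds = new SigningCredentials(
                new SymmetricSecurityKey(keyBytes), SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: _config["Jwt:Issuer"],
                audience: _config["Jwt:Audience"],
                claims: claims,
                expires: DateTime.UtcNow.AddMinutes(ReadDouble("Jwt:AccessTokenExpirationMinutes")),
                signingCredentials: creds);

            return new JwtSecurityTokenHandler().WriteToken(token);
        }

        /// <summary>
        /// Creates a new random refresh token for the user, stores it and returns it.
        /// </summary>
        /// <param name="userid">Owner of the token.</param>
        /// <param name="username">Owner's name, stored alongside the token.</param>
        /// <returns>The 32-character lower-case hex token handed to the client.</returns>
        /// <exception cref="InvalidOperationException"><c>Jwt:RefreshTokenExpirationDays</c> is missing.</exception>
        public async Task<string> GenerateRefreshToken(int userid, string username)
        {
            // 128 bits from the CSPRNG, rendered exactly like the previous Guid.ToString("N")
            // format (32 lower-case hex chars), so stored rows and column sizes are unaffected.
            // Guid.NewGuid is not specified to be unpredictable; RandomNumberGenerator is.
            var tokenBytes = new byte[16];
            RandomNumberGenerator.Fill(tokenBytes);
            var refreshToken = Convert.ToHexString(tokenBytes).ToLowerInvariant();

            // Read the clock once so IssuedAt and ExpiresAt are computed from the same instant.
            var now = DateTime.UtcNow;
            var record = new Tokens
            {
                UserId = userid,
                UserName = username,
                RefreshToken = refreshToken,
                IsRevoked = false,
                IssuedAt = now,
                ExpiresAt = now.AddDays(ReadDouble("Jwt:RefreshTokenExpirationDays")),
            };

            // NOTE(review): the token is persisted in clear text. Storing a hash and comparing
            // hashes on validation would limit the impact of a database read; that needs a
            // migration of existing rows, so it is deliberately not changed here.
            pgSql.Add(record);
            await pgSql.SaveChangesAsync();
            return refreshToken;
        }

        /// <summary>
        /// Checks that a refresh token exists, is not revoked and has not expired.
        /// </summary>
        /// <param name="refreshToken">Token presented by the client.</param>
        /// <returns><c>true</c> when the token may be exchanged for a new access token.</returns>
        /// <remarks>
        /// An expired token is marked <c>IsRevoked</c> so later lookups short-circuit.
        /// Ownership is not checked here; the caller must bind the token to the requesting user.
        /// </remarks>
        public async Task<bool> ValidateRefreshToken(string refreshToken)
        {
            if (string.IsNullOrEmpty(refreshToken))
            {
                return false;
            }

            // Single round trip: the previous AnyAsync + FirstOrDefaultAsync pair queried twice.
            var token = await pgSql.Tokens.FirstOrDefaultAsync(t => t.RefreshToken == refreshToken);
            if (token is null || token.IsRevoked)
            {
                return false;
            }

            if (token.ExpiresAt < DateTime.UtcNow)
            {
                token.IsRevoked = true;
                await pgSql.SaveChangesAsync();
                return false;
            }

            return true;
        }

        /// <summary>
        /// Removes a refresh token so it can no longer be exchanged. Unknown tokens are ignored.
        /// </summary>
        /// <param name="refreshToken">Token to revoke.</param>
        public async Task RevokeRefreshToken(string refreshToken)
        {
            var token = await pgSql.Tokens.FirstOrDefaultAsync(t => t.RefreshToken == refreshToken);
            if (token is null)
            {
                // Nothing to revoke; the previous Remove(token!) would have thrown here.
                return;
            }

            // NOTE(review): revocation deletes the row while ValidateRefreshToken marks expired
            // rows IsRevoked; flagging instead of deleting would keep an audit trail.
            pgSql.Tokens.Remove(token);
            await pgSql.SaveChangesAsync();
        }

        // Reads a configuration value the service cannot operate without.
        private string RequiredSetting(string key)
        {
            var value = _config[key];
            if (string.IsNullOrWhiteSpace(value))
            {
                throw new InvalidOperationException($"Configuration value '{key}' is missing.");
            }

            return value;
        }

        // Parses a numeric setting with the invariant culture so the result does not depend
        // on the server locale (Convert.ToDouble(string) uses the current culture).
        private double ReadDouble(string key) =>
            double.Parse(
                RequiredSetting(key),
                NumberStyles.Float | NumberStyles.AllowThousands,
                CultureInfo.InvariantCulture);
    }
}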