package service

import (
	paseto "aidanwoods.dev/go-paseto"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"github.com/Nerzal/gocloak/v13"
	"github.com/rs/zerolog"
	"go-humas-be/app/database/entity"
	userLevelsRepository "go-humas-be/app/module/user_levels/repository"
	"go-humas-be/app/module/users/mapper"
	"go-humas-be/app/module/users/repository"
	"go-humas-be/app/module/users/request"
	"go-humas-be/app/module/users/response"
	"go-humas-be/config/config"
	"go-humas-be/utils/paginator"
	utilSvc "go-humas-be/utils/service"
	"strings"
	"time"
)

// UsersService
type usersService struct {
	Repo           repository.UsersRepository
	UserLevelsRepo userLevelsRepository.UserLevelsRepository
	Log            zerolog.Logger
	Keycloak       *config.KeycloakConfig
}

// UsersService define interface of IUsersService
type UsersService interface {
	All(req request.UsersQueryRequest) (users []*response.UsersResponse, paging paginator.Pagination, err error)
	Show(id uint) (users *response.UsersResponse, err error)
	ShowUserInfo(authToken string) (users *response.UsersResponse, err error)
	Save(req request.UsersCreateRequest, authToken string) (userReturn *entity.Users, err error)
	Login(req request.UserLogin) (res *gocloak.JWT, err error)
	ParetoLogin(req request.UserLogin) (res *response.ParetoLoginResponse, err error)
	Update(id uint, req request.UsersUpdateRequest) (err error)
	Delete(id uint) error
}

// NewUsersService init UsersService
func NewUsersService(repo repository.UsersRepository, userLevelsRepo userLevelsRepository.UserLevelsRepository, log zerolog.Logger, keycloak *config.KeycloakConfig) UsersService {

	return &usersService{
		Repo:           repo,
		UserLevelsRepo: userLevelsRepo,
		Log:            log,
		Keycloak:       keycloak,
	}
}

// All implement interface of UsersService
func (_i *usersService) All(req request.UsersQueryRequest) (users []*response.UsersResponse, paging paginator.Pagination, err error) {
	results, paging, err := _i.Repo.GetAll(req)
	if err != nil {
		return
	}

	for _, result := range results {
		users = append(users, mapper.UsersResponseMapper(result, _i.UserLevelsRepo))
	}

	return
}

func (_i *usersService) Show(id uint) (users *response.UsersResponse, err error) {
	result, err := _i.Repo.FindOne(id)
	if err != nil {
		return nil, err
	}

	return mapper.UsersResponseMapper(result, _i.UserLevelsRepo), nil
}

func (_i *usersService) ShowUserInfo(authToken string) (users *response.UsersResponse, err error) {
	userInfo := utilSvc.GetUserInfo(_i.Log, _i.Repo, authToken)

	return mapper.UsersResponseMapper(userInfo, _i.UserLevelsRepo), nil
}

func (_i *usersService) Save(req request.UsersCreateRequest, authToken string) (userReturn *entity.Users, err error) {
	_i.Log.Info().Interface("data", req).Msg("")
	newReq := req.ToEntity()

	_i.Log.Info().Interface("AUTH TOKEN", authToken).Msg("")

	if authToken != "" {
		createdBy := utilSvc.GetUserInfo(_i.Log, _i.Repo, authToken)
		newReq.CreatedById = &createdBy.ID
	}

	keycloakId, err := _i.Keycloak.CreateUser(req.Fullname, req.Email, req.Username, req.Password)
	if err != nil {
		return nil, err
	}

	newReq.KeycloakId = &keycloakId
	newReq.TempPassword = &req.Password

	return _i.Repo.Create(newReq)
}

func (_i *usersService) Login(req request.UserLogin) (res *gocloak.JWT, err error) {
	_i.Log.Info().Interface("data", req).Msg("")

	var loginResponse *gocloak.JWT
	if req.RefreshToken == nil {
		loginResponse, err = _i.Keycloak.Login(*req.Username, *req.Password)
	} else {
		loginResponse, err = _i.Keycloak.RefreshToken(*req.RefreshToken)
	}
	if err != nil {
		return nil, err
	}
	return loginResponse, nil
}

func (_i *usersService) ParetoLogin(req request.UserLogin) (res *response.ParetoLoginResponse, err error) {
	_i.Log.Info().Interface("data", req).Msg("")

	var loginResponse *gocloak.JWT
	token := paseto.NewToken()
	secretKeyHex := "bdc42b1a0ba2bac3e27ba84241f9de06dee71b70f838af8d1beb0417f03d1d00"
	secretKey, _ := paseto.V4SymmetricKeyFromHex(secretKeyHex)
	// secretKey := paseto.NewV4SymmetricKey() // to change the secretKey periodically

	if req.RefreshToken == nil {
		loginResponse, err = _i.Keycloak.Login(*req.Username, *req.Password)
	} else {
		// Retrieve Refresh Token
		parser := paseto.NewParser()
		verifiedToken, err := parser.ParseV4Local(secretKey, *req.RefreshToken, nil)
		if err != nil {
			panic(err)
		}

		refreshToken, _ := verifiedToken.GetString("refresh_token")
		_i.Log.Info().Interface("Pareto parse refresh token", refreshToken).Msg("")

		loginResponse, err = _i.Keycloak.RefreshToken(refreshToken)
	}

	_i.Log.Info().Interface("loginResponse", loginResponse).Msg("")

	if err != nil {
		return nil, err
	}

	parseToken, err := ParseJWTToken(loginResponse.AccessToken)
	if err != nil {
		return nil, err
	}

	issuedAt := parseToken["iat"].(float64)
	expirationTime := parseToken["exp"].(float64)
	issuer := parseToken["iss"].(string)
	jti := parseToken["jti"].(string)
	subject := parseToken["sub"].(string)

	token.SetIssuedAt(time.Unix(int64(issuedAt), 0))
	token.SetNotBefore(time.Unix(int64(issuedAt), 0))
	token.SetExpiration(time.Unix(int64(expirationTime), 0))
	token.SetIssuer(issuer)
	token.SetJti(jti)
	token.SetSubject(subject)
	token.SetString("access_token", loginResponse.AccessToken)
	token.SetString("refresh_token", loginResponse.RefreshToken)

	_i.Log.Info().Interface("Pareto Generated Key", secretKey.ExportHex()).Msg("")

	tokenEncrypted := token.V4Encrypt(secretKey, nil)

	parser := paseto.NewParser()
	verifiedToken, err := parser.ParseV4Local(secretKey, tokenEncrypted, nil)
	if err != nil {
		panic(err)
	}

	tokenParsing, _ := verifiedToken.GetString("access_token")
	_i.Log.Info().Interface("Pareto parse token", tokenParsing).Msg("")

	resLogin := &response.ParetoLoginResponse{
		AccessToken: tokenEncrypted,
	}

	if err != nil {
		return nil, err
	}

	return resLogin, nil
}

func (_i *usersService) Update(id uint, req request.UsersUpdateRequest) (err error) {
	_i.Log.Info().Interface("data", req).Msg("")
	newReq := req.ToEntity()

	findUser, err := _i.Repo.FindOne(id)
	if err != nil {
		return err
	}

	err = _i.Keycloak.UpdateUser(findUser.KeycloakId, req.Fullname, req.Email)
	if err != nil {
		return err
	}

	return _i.Repo.Update(id, newReq)
}

func (_i *usersService) Delete(id uint) error {
	result, err := _i.Repo.FindOne(id)
	if err != nil {
		return err
	}

	isActive := false
	result.IsActive = &isActive
	return _i.Repo.Update(id, result)
}

func ParseJWTToken(token string) (map[string]interface{}, error) {
	// Pisahkan JWT menjadi 3 bagian: header, payload, dan signature
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("Invalid JWT token")
	}

	// Decode bagian payload (index ke-1)
	payloadData, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("Failed to decode payload: %v", err)
	}

	// Ubah payload menjadi map[string]interface{}
	var payload map[string]interface{}
	if err := json.Unmarshal(payloadData, &payload); err != nil {
		return nil, fmt.Errorf("Failed to parse payload JSON: %v", err)
	}

	return payload, nil
}