package gapi

import (
	"context"
	"database/sql"
	"errors"
	"log/slog"

	db "github.com/itsscb/df/bff/db/sqlc"
	"github.com/itsscb/df/bff/pb"
	"github.com/itsscb/df/bff/util"
	"github.com/itsscb/df/bff/val"
	"google.golang.org/genproto/googleapis/rpc/errdetails"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
	"google.golang.org/protobuf/types/known/timestamppb"
)

func (server *Server) Login(ctx context.Context, req *pb.LoginRequest) (*pb.LoginResponse, error) {
	violations := validateLoginRequest(req)
	if violations != nil {
		return nil, invalidArgumentError(violations)
	}

	account, err := server.store.GetAccountByEmail(ctx, req.GetEmail())
	if err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			return nil, status.Error(codes.NotFound, "account not found")

		}
		slog.Error("login (get_account)", slog.String("invoked_by", req.GetEmail()), slog.String("error", err.Error()))
		return nil, status.Error(codes.Internal, "failed to get account")
	}

	err = util.CheckPassword(req.GetPassword(), account.Passwordhash)
	if err != nil {
		return nil, status.Error(codes.PermissionDenied, "invalid password")
	}

	id, err := server.tokenMaker.NewTokenID()
	if err != nil {
		slog.Error("login (token_id)", slog.String("invoked_by", req.GetEmail()), slog.String("error", err.Error()))
		return nil, status.Error(codes.Internal, "failed to create token id")
	}

	refreshToken, refreshPayload, err := server.tokenMaker.CreateToken(
		account.ID,
		id,
		server.config.RefreshTokenDuration,
	)
	if err != nil {
		slog.Error("login (refresh_token)", slog.String("invoked_by", req.GetEmail()), slog.String("error", err.Error()))
		return nil, status.Error(codes.Internal, "failed to create refresh token")

	}

	accessToken, accessPayload, err := server.tokenMaker.CreateToken(
		account.ID,
		id,
		server.config.AccessTokenDuration,
	)
	if err != nil {
		slog.Error("login (access_token)", slog.String("invoked_by", req.GetEmail()), slog.String("error", err.Error()))
		return nil, status.Error(codes.Internal, "failed to create access token")
	}

	mtdt := server.extractMetadata(ctx)

	_, err = server.store.CreateSession(ctx, db.CreateSessionParams{
		ID:           refreshPayload.ID,
		AccountID:    account.ID,
		RefreshToken: refreshToken,
		UserAgent:    mtdt.UserAgent,
		ClientIp:     mtdt.ClientIP,
		IsBlocked:    false,
		ExpiresAt:    refreshPayload.ExpiredAt,
	})
	if err != nil {
		slog.Error("login (db)", slog.String("invoked_by", req.GetEmail()), slog.String("error", err.Error()))
		return nil, status.Error(codes.Internal, "failed to create session")

	}

	rsp := &pb.LoginResponse{
		SessionId:             refreshPayload.ID.String(),
		AccessToken:           accessToken,
		AccessTokenExpiresAt:  timestamppb.New(accessPayload.ExpiredAt),
		RefreshToken:          refreshToken,
		RefreshTokenExpiresAt: timestamppb.New(refreshPayload.ExpiredAt),
		AccountId:             account.ID,
	}
	return rsp, nil
}

func validateLoginRequest(req *pb.LoginRequest) (violations []*errdetails.BadRequest_FieldViolation) {
	if err := val.ValidateEmail(req.GetEmail()); err != nil {
		violations = append(violations, fieldViolation("email", err))
	}

	if err := val.ValidatePassword(req.GetPassword()); err != nil {
		violations = append(violations, fieldViolation("password", err))
	}

	return violations
}