package auth

import (
	"fmt"

	"forge.cadoles.com/cadoles/bouncer/internal/auth/jwt"
	"forge.cadoles.com/cadoles/bouncer/internal/command/common"
	"forge.cadoles.com/cadoles/bouncer/internal/jwk"
	"github.com/lithammer/shortuuid/v4"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

func CreateTokenCommand() *cli.Command {
	return &cli.Command{
		Name:  "create-token",
		Usage: "Create a new authentication token",
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:  "role",
				Usage: fmt.Sprintf("associate `ROLE` to the token (available: %v)", []jwt.Role{jwt.RoleReader, jwt.RoleWriter}),
				Value: string(jwt.RoleReader),
			},
			&cli.StringFlag{
				Name:  "subject",
				Usage: "associate `SUBJECT` to the token",
				Value: fmt.Sprintf("user-%s", shortuuid.New()),
			},
		},
		Action: func(ctx *cli.Context) error {
			conf, err := common.LoadConfig(ctx)
			if err != nil {
				return errors.Wrap(err, "Could not load configuration")
			}

			subject := ctx.String("subject")
			role := ctx.String("role")

			key, err := jwk.LoadOrGenerate(string(conf.Admin.Auth.PrivateKey), jwk.DefaultKeySize)
			if err != nil {
				return errors.WithStack(err)
			}

			token, err := jwt.GenerateToken(ctx.Context, key, string(conf.Admin.Auth.Issuer), subject, jwt.Role(role))
			if err != nil {
				return errors.WithStack(err)
			}

			fmt.Println(token)

			return nil
		},
	}
}