package auth

import (
	"encoding/json"
	"fmt"

	"forge.cadoles.com/arcad/edge/cmd/storage-server/command/flag"
	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

func CheckToken() *cli.Command {
	return &cli.Command{
		Name:  "check-token",
		Usage: "Validate and print the given token with the private key",
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:     "token",
				Required: true,
			},
			flag.PrivateKey,
			flag.PrivateKeySigningAlgorithm,
			flag.PrivateKeyDefaultSize,
		},
		Action: func(ctx *cli.Context) error {
			privateKeyFile := flag.GetPrivateKey(ctx)
			signingAlgorithm := flag.GetSigningAlgorithm(ctx)
			privateKeyDefaultSize := flag.GetPrivateKeyDefaultSize(ctx)
			rawToken := ctx.String("token")

			if rawToken == "" {
				return errors.New("you must provide a value for --token flag")
			}

			privateKey, err := jwtutil.LoadOrGenerateKey(
				privateKeyFile,
				privateKeyDefaultSize,
			)
			if err != nil {
				return errors.WithStack(err)
			}

			keySet, err := jwtutil.NewKeySet()
			if err != nil {
				return errors.WithStack(err)
			}

			err = jwtutil.AddKeyWithSigningAlgo(keySet, privateKey, jwa.SignatureAlgorithm(signingAlgorithm))
			if err != nil {
				return errors.WithStack(err)
			}

			token, err := jwtutil.Parse([]byte(rawToken), keySet)
			if err != nil {
				return errors.WithStack(err)
			}

			claims, err := token.AsMap(ctx.Context)
			if err != nil {
				return errors.WithStack(err)
			}

			json, err := json.MarshalIndent(claims, "", "  ")
			if err != nil {
				return errors.WithStack(err)
			}

			fmt.Println(string(json))

			return nil
		},
	}
}