package auth

import (
	"fmt"

	"forge.cadoles.com/arcad/edge/cmd/storage-server/command/flag"
	"forge.cadoles.com/arcad/edge/pkg/jwtutil"
	"github.com/lestrrat-go/jwx/v2/jwa"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

func NewToken() *cli.Command {
	return &cli.Command{
		Name:  "new-token",
		Usage: "Generate new authentication token",
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name: "tenant",
			},
			flag.PrivateKey,
			flag.PrivateKeySigningAlgorithm,
			flag.PrivateKeyDefaultSize,
		},
		Action: func(ctx *cli.Context) error {
			privateKeyFile := flag.GetPrivateKey(ctx)
			signingAlgorithm := flag.GetSigningAlgorithm(ctx)
			privateKeyDefaultSize := flag.GetPrivateKeyDefaultSize(ctx)
			tenant := ctx.String("tenant")

			privateKey, err := jwtutil.LoadOrGenerateKey(
				privateKeyFile,
				privateKeyDefaultSize,
			)
			if err != nil {
				return errors.WithStack(err)
			}

			claims := map[string]any{
				"tenant": tenant,
			}

			token, err := jwtutil.SignedToken(privateKey, jwa.SignatureAlgorithm(signingAlgorithm), claims)
			if err != nil {
				return errors.Wrap(err, "could not generate signed token")
			}

			fmt.Println(string(token))

			return nil
		},
	}
}