package auth

import (
	"fmt"

	"forge.cadoles.com/Cadoles/emissary/internal/auth/thirdparty"
	"forge.cadoles.com/Cadoles/emissary/internal/command/common"
	"forge.cadoles.com/Cadoles/emissary/internal/jwk"
	"github.com/lithammer/shortuuid/v4"
	"github.com/pkg/errors"
	"github.com/urfave/cli/v2"
)

func CreateTokenCommand() *cli.Command {
	return &cli.Command{
		Name:  "create-token",
		Usage: "Create a new authentication token",
		Flags: []cli.Flag{
			&cli.StringFlag{
				Name:  "role",
				Usage: fmt.Sprintf("associate `ROLE` to the token (available: %v)", []thirdparty.Role{thirdparty.RoleReader, thirdparty.RoleWriter}),
				Value: string(thirdparty.RoleReader),
			},
			&cli.StringFlag{
				Name:  "subject",
				Usage: "associate `SUBJECT` to the token",
				Value: fmt.Sprintf("user-%s", shortuuid.New()),
			},
		},
		Action: func(ctx *cli.Context) error {
			conf, err := common.LoadConfig(ctx)
			if err != nil {
				return errors.Wrap(err, "Could not load configuration")
			}

			subject := ctx.String("subject")
			role := ctx.String("role")

			localAuth := conf.Server.Auth.Local
			if localAuth == nil {
				return errors.New("local auth is disabled")
			}

			key, err := jwk.LoadOrGenerate(string(localAuth.PrivateKeyPath), jwk.DefaultKeySize)
			if err != nil {
				return errors.WithStack(err)
			}

			token, err := thirdparty.GenerateToken(ctx.Context, key, subject, thirdparty.Role(role))
			if err != nil {
				return errors.WithStack(err)
			}

			fmt.Println(token)

			return nil
		},
	}
}