import 'dart:io';

import 'package:backend/database.dart';
import 'package:backend/service/db_access.dart';
import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
import 'package:logging/logging.dart';
import 'package:shared_models/user.dart';

final jwtSecret = _getSecret();
const expTimeSecs = 3600;

final log = Logger('Authenticator');

enum JWTTokenStatus {
  valid,
  expired,
  invalid,
}

class Authenticator {
  Future<String?> generateToken(CreateUserRequest req) async {
    final newUser = await Db.createUser(username: req.username, roomCode: req.roomCode);
    if (newUser == null) return null;

    final iat = DateTime.now().millisecondsSinceEpoch ~/ 1000;
    final jwt = JWT(
      {
        'uid': newUser.uuid,
        'roomUuid': newUser.gameRoomUuid,
        'iat': iat,
        'exp': iat + expTimeSecs,
      },
    );

    return jwt.sign(SecretKey(jwtSecret));
  }

  Future<(User?, JWTTokenStatus)> verifyToken(
    String token,
  ) async {
    try {
      log.info('Verifying jwt: ${token.substring(0, 10)}...${token.substring(token.length - 10)}');
      final payload = JWT.verify(
        token,
        SecretKey(jwtSecret),
      );

      final payloadData = payload.payload as Map<String, dynamic>;

      final iat = payloadData['iat'] as int;
      final exp = payloadData['exp'] as int;

      if (iat + expTimeSecs != exp || DateTime.now().millisecondsSinceEpoch ~/ 1000 > exp) {
        return (null, JWTTokenStatus.expired);
      }

      final uuid = payloadData['uuid'] as String;
      return (await Db.getUser(uuid), JWTTokenStatus.valid);
    } catch (e) {
      return (null, JWTTokenStatus.invalid);
    }
  }
}

// load any env vars inside root of project's .env file, then looks for JWT_TOKEN_SECRET
String _getSecret() {
  final envs = {...Platform.environment};
  try {
    final result = Process.runSync('git', ['rev-parse', '--show-toplevel']);
    if (result.exitCode != 0) {
      log.warning('Failed to get git root directory: ${result.stderr}');
      throw Exception('Failed to get git root directory');
    }
    final rootDir = (result.stdout as String).trim();
    final envFile = File('$rootDir/.env');
    if (envFile.existsSync()) {
      for (final line in envFile.readAsLinesSync()) {
        if (line.trim().isEmpty || line.startsWith('#')) continue;
        final parts = line.split('=');
        if (parts.length != 2) continue;
        final key = parts[0].trim();
        final value = parts[1].trim();
        envs[key] = value;
      }
    }
  } catch (e) {
    log.warning('Failed to load .env file: $e');
  }
  // check for secret
  final secret = envs['JWT_TOKEN_SECRET'];
  if (secret == null || secret.isEmpty) {
    throw Exception('JWT secret not configured. Define JWT_TOKEN_SECRET in environment.');
  } else {
    return secret;
  }
}