import 'dart:io';

import 'package:backend/database.dart';
import 'package:backend/service/db_access.dart';
import 'package:dart_jsonwebtoken/dart_jsonwebtoken.dart';
import 'package:logging/logging.dart';
import 'package:shared_models/jwt.dart';
import 'package:shared_models/user.dart';

final jwtSecret = _getSecret();
const expTimeSecs = 3600;

final log = Logger('Authenticator');

enum JWTTokenStatus {
  valid,
  expired,
  invalid,
}

class Authenticator {
  Future<(String?, User?)> generateToken(CreateUserRequest req) async {
    final newUser = await Db.createUser(username: req.username, roomCode: req.roomCode);
    if (newUser == null) return (null, null);

    final iat = DateTime.now().millisecondsSinceEpoch ~/ 1000;
    final jwt = JWT(
      JWTBody(uuid: newUser.uuid, roomUuid: newUser.gameRoomUuid, iat: iat, exp: iat + expTimeSecs).toJson(),
    );

    return (jwt.sign(SecretKey(jwtSecret)), newUser);
  }

  Future<(User?, JWTTokenStatus)> verifyToken(
    String token,
  ) async {
    try {
      log.info('Verifying jwt: ${token.substring(0, 10)}...${token.substring(token.length - 10)}');
      final payload = JWT.verify(
        token,
        SecretKey(jwtSecret),
      );

      final jwt = JWTBody.fromJson(payload.payload as Map<String, dynamic>);

      if (jwt.iat + expTimeSecs != jwt.exp || DateTime.now().millisecondsSinceEpoch ~/ 1000 > jwt.exp) {
        return (null, JWTTokenStatus.expired);
      }

      return (await Db.getUserById(jwt.uuid), JWTTokenStatus.valid);
    } catch (e) {
      log.fine('Error verifying token', e);
      return (null, JWTTokenStatus.invalid);
    }
  }
}

// load any env vars inside root of project's .env file, then looks for JWT_TOKEN_SECRET
String _getSecret() {
  final envs = {...Platform.environment};
  try {
    final result = Process.runSync('git', ['rev-parse', '--show-toplevel']);
    if (result.exitCode != 0) {
      log.warning('Failed to get git root directory: ${result.stderr}');
      throw Exception('Failed to get git root directory');
    }
    final rootDir = (result.stdout as String).trim();
    final envFile = File('$rootDir/.env');
    if (envFile.existsSync()) {
      for (final line in envFile.readAsLinesSync()) {
        if (line.trim().isEmpty || line.startsWith('#')) continue;
        final parts = line.split('=');
        if (parts.length != 2) continue;
        final key = parts[0].trim();
        final value = parts[1].trim();
        envs[key] = value;
      }
    }
  } catch (e) {
    log.warning('Failed to load .env file: $e');
  }
  // check for secret
  final secret = envs['JWT_TOKEN_SECRET'];
  if (secret == null || secret.isEmpty) {
    throw Exception('JWT secret not configured. Define JWT_TOKEN_SECRET in environment.');
  } else {
    return secret;
  }
}