package services

import (
	"encoding/base64"
	"errors"
	"net/http"

	"github.com/go-chi/jwtauth/v5"
	"golang.org/x/crypto/bcrypt"
)

var tokenEncoder *jwtauth.JWTAuth
var JWTVerifier func(http.Handler) http.Handler

func GenerateHashFromPassword(plainTextPass string) (string, error) {
	hashedPasswordBytes, err := bcrypt.GenerateFromPassword([]byte(plainTextPass), bcrypt.MinCost)
	if err != nil {
		return "", err
	}

	// Convert the hashed password to a base64 encoded string
	return base64.URLEncoding.EncodeToString(hashedPasswordBytes), nil
}

func PasswordEqual(hashedPassword, plainTextPass string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(plainTextPass)) != nil
}

func InitJWT(secretTxt string) {
	tokenEncoder = jwtauth.New("HS256", []byte(secretTxt), nil)
}

func NewJWTVerifier() func(http.Handler) http.Handler {
	return jwtauth.Verifier(tokenEncoder)
}

func GenerateJWT(u User) string {
	_, tokenString, _ := tokenEncoder.Encode(map[string]interface{}{
		"id":               u.ID,
		"x-Hasura-Role":    "user",
		"x-Hasura-User-Id": u.ID,
	})
	return tokenString
}

func GetUserIDFromClaims(req *http.Request) (int64, error) {
	_, claims, _ := jwtauth.FromContext(req.Context())

	userIdStr, ok := claims["id"]
	if !ok {
		return -1, errors.New("claim by name 'id' not found")
	}

	return int64(userIdStr.(float64)), nil
}