package htmlhouse

import (
	"crypto/rsa"
	"fmt"
	jwt "github.com/dgrijalva/jwt-go"
	"github.com/juju/errgo"
	"io/ioutil"
	"net/http"
)

const (
	tokenHeader = "Authorization"
)

type sessionManager interface {
	readToken(*http.Request) (string, error)
	createToken(string) (string, error)
	writeToken(http.ResponseWriter, string) error
}

// Basic user session info
type sessionInfo struct {
	ID string `json:"id"`
}

func newSessionInfo(houseID string) *sessionInfo {
	return &sessionInfo{houseID}
}

func newSessionManager(cfg *config) (sessionManager, error) {
	mgr := &defaultSessionManager{}

	// Read and parse private key
	signBytes, err := ioutil.ReadFile(cfg.PrivateKey)
	if err != nil {
		return mgr, errgo.Mask(err)
	}
	mgr.signKey, err = jwt.ParseRSAPrivateKeyFromPEM(signBytes)
	if err != nil {
		return mgr, errgo.Mask(err)
	}

	// Read and parse public key
	verifyBytes, err := ioutil.ReadFile(cfg.PublicKey)
	if err != nil {
		return mgr, errgo.Mask(err)
	}
	mgr.verifyKey, err = jwt.ParseRSAPublicKeyFromPEM(verifyBytes)
	if err != nil {
		return mgr, errgo.Mask(err)
	}

	return mgr, nil
}

type defaultSessionManager struct {
	verifyKey *rsa.PublicKey
	signKey   *rsa.PrivateKey
}

func (m *defaultSessionManager) readToken(r *http.Request) (string, error) {
	tokenString := r.Header.Get(tokenHeader)
	if tokenString == "" {
		return "", nil
	}

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodRSA); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return m.verifyKey, nil
	})
	switch err.(type) {
	case nil:
		if !token.Valid {
			return "", nil
		}

		claims := token.Claims.(jwt.MapClaims)
		houseID := claims["houseID"].(string)

		return houseID, nil
	case *jwt.ValidationError:
		return "", nil
	default:
		return "", errgo.Mask(err)
	}
}

func (m *defaultSessionManager) createToken(houseID string) (string, error) {
	token := jwt.New(jwt.SigningMethodRS512)
	claims := token.Claims.(jwt.MapClaims)
	claims["houseID"] = houseID

	tokenString, err := token.SignedString(m.signKey)
	if err != nil {
		return tokenString, errgo.Mask(err)
	}

	return tokenString, nil
}

func (m *defaultSessionManager) writeToken(w http.ResponseWriter, houseID string) error {
	tokenString, err := m.createToken(houseID)
	if err != nil {
		return err
	}

	w.Header().Set(tokenHeader, tokenString)
	return nil
}