using DD.Persistence.Models.Configurations;
using Microsoft.Extensions.Configuration;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Net.Http.Headers;
using System.Security.Claims;
using System.Text.Json;

namespace DD.Persistence.Client.Helpers;

/// <summary>
/// Класс, позволяющий генерировать api-token
/// </summary>
public static class ApiTokenHelper
{
    /// <summary>
    /// Метод авториации
    /// </summary>
    /// <param name="httpClient"></param>
    /// <param name="configuration"></param>
    /// <returns></returns>
    public static async Task Authorize(this HttpClient httpClient, IConfiguration configuration)
    {
        var authUser = configuration
            .GetSection(nameof(AuthUser))
            .Get<AuthUser>()!;
        var needUseKeyCloak = configuration
            .GetSection("NeedUseKeyCloak")
            .Get<bool>()!;
        var keycloakGetTokenUrl = configuration.GetSection("KeycloakGetTokenUrl").Get<string>() ?? string.Empty;

        var jwtToken = needUseKeyCloak
            ? await authUser.CreateKeyCloakJwtToken(keycloakGetTokenUrl)
            : authUser.CreateDefaultJwtToken();

        httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", jwtToken);
    }

    /// <summary>
    /// Авторизация через собственный jwt-токен
    /// </summary>
    /// <param name="authUser"></param>
    /// <returns></returns>
	private static string CreateDefaultJwtToken(this AuthUser authUser)
    {
        var nameIdetifier = Guid.NewGuid().ToString();
        var claims = new List<Claim>()
        {
            new(ClaimTypes.NameIdentifier, nameIdetifier),
            new("client_id", authUser.ClientId),
            new("username", authUser.Username),
            new("password", authUser.Password),
            new("grant_type", authUser.GrantType),
            new(ClaimTypes.NameIdentifier.ToString(), Guid.NewGuid().ToString())
        };

        var tokenDescriptor = new SecurityTokenDescriptor
        {
            Issuer = JwtParams.Issuer,
            Audience = JwtParams.Audience,
            Subject = new ClaimsIdentity(claims),
            Expires = DateTime.UtcNow.AddHours(1),
            SigningCredentials = new SigningCredentials(JwtParams.SecurityKey, SecurityAlgorithms.HmacSha256Signature)
        };
        var tokenHandler = new JwtSecurityTokenHandler();
        var token = tokenHandler.CreateToken(tokenDescriptor);
        return tokenHandler.WriteToken(token);
    }

    /// <summary>
    /// Авторизация через jwt-токен keycloak
    /// </summary>
    /// <param name="authUser"></param>
    /// <param name="keycloakGetTokenUrl"></param>
    /// <returns></returns>
    private static async Task<string> CreateKeyCloakJwtToken(this AuthUser authUser, string keycloakGetTokenUrl)
    {
        var sharedClient = new HttpClient();
        var parameters = new Dictionary<string, string> {
            { "username", authUser.Username },
            { "password", authUser.Password },
            { "client_id", authUser.ClientId },
            { "grant_type", authUser.GrantType },
        };
        var encodedContent = new FormUrlEncodedContent(parameters);

        using HttpResponseMessage response = await sharedClient.PostAsync(keycloakGetTokenUrl, encodedContent);

        if (response.IsSuccessStatusCode == true)
        {
            var data = await response.Content.ReadAsStreamAsync();
            var token = JsonSerializer.Deserialize<JwtToken>(data)!;
            return token.AccessToken;
        }
        return String.Empty;
    }
}