package member

import (
	"biz-member-gateway/internal/domain"
	"biz-member-gateway/internal/svc"
	"biz-member-gateway/internal/types"
	"context"

	"code.30cm.net/digimon/app-cloudep-permission-server/pkg/domain/token"
	"code.30cm.net/digimon/library-go/errs"
	"code.30cm.net/digimon/proto-all/pkg/permission"

	"github.com/zeromicro/go-zero/core/logx"
)

type RefreshAccessTokenLogic struct {
	logx.Logger
	ctx    context.Context
	svcCtx *svc.ServiceContext
}

// NewRefreshAccessTokenLogic 更新 Access Token
func NewRefreshAccessTokenLogic(ctx context.Context, svcCtx *svc.ServiceContext) *RefreshAccessTokenLogic {
	return &RefreshAccessTokenLogic{
		Logger: logx.WithContext(ctx),
		ctx:    ctx,
		svcCtx: svcCtx,
	}
}

func (l *RefreshAccessTokenLogic) RefreshAccessToken(req *types.UpdateTokenReq) (*types.LoginTokenResp, error) {
	data, err := l.svcCtx.TokenRPC.GetSystemClaimByAccessToken(l.ctx, &permission.GetSystemClaimReq{
		AccessToken: req.Token,
		IsExpired:   false,
	})
	if err != nil {
		return nil, err
	}

	uid := data.Data[token.UID.String()]
	if uid != req.UID {
		return nil, errs.Forbidden("failed to verify token user")
	}

	t, err := l.svcCtx.TokenRPC.RefreshToken(l.ctx, &permission.RefreshTokenReq{
		Token:    req.RefreshToken,
		Scope:    data.Data[token.Scope.String()],
		Expires:  0, // 指定到期的時間，不給會交由底層給（token repo）
		DeviceId: data.Data[token.Device.String()],
	})
	if err != nil {
		return nil, err
	}

	return &types.LoginTokenResp{
		UID:          req.UID,
		AccessToken:  t.Token,
		RefreshToken: t.OneTimeToken,
		TokenType:    domain.TokenTypeBearer,
	}, nil
}