package api

import (
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
)

const (
	cookieAccess  = "access_token"
	cookieRefresh = "refresh_token"
	cookiePath    = "/"
)

func (s *Server) baseCookie() http.Cookie {
	c := http.Cookie{
		Path:     cookiePath,
		HttpOnly: true,
		Secure:   s.Cfg.CookieSecure,
		SameSite: s.Cfg.CookieSameSite,
	}
	if s.Cfg.CookieDomain != "" {
		c.Domain = s.Cfg.CookieDomain
	}
	return c
}

func (s *Server) setAuthCookies(c *gin.Context, accessToken, refreshToken string) {
	if !s.Cfg.AuthCookiesEnabled {
		return
	}
	ac := s.baseCookie()
	ac.Name = cookieAccess
	ac.Value = accessToken
	ac.MaxAge = int(s.Cfg.JWTAccessTTL.Seconds())
	if ac.MaxAge < 1 {
		ac.MaxAge = 60
	}
	http.SetCookie(c.Writer, &ac)

	rc := s.baseCookie()
	rc.Name = cookieRefresh
	rc.Value = refreshToken
	rc.MaxAge = int(s.Cfg.JWTRefreshTTL.Seconds())
	if rc.MaxAge < 1 {
		rc.MaxAge = 3600
	}
	http.SetCookie(c.Writer, &rc)
}

func (s *Server) clearAuthCookies(c *gin.Context) {
	if !s.Cfg.AuthCookiesEnabled {
		return
	}
	expired := time.Unix(0, 0).UTC()
	for _, name := range []string{cookieAccess, cookieRefresh} {
		ck := s.baseCookie()
		ck.Name = name
		ck.Value = ""
		ck.MaxAge = -1
		ck.Expires = expired
		http.SetCookie(c.Writer, &ck)
	}
}

func refreshTokenFromRequest(c *gin.Context) string {
	ck, err := c.Request.Cookie(cookieRefresh)
	if err != nil || ck == nil {
		return ""
	}
	return ck.Value
}

func accessTokenFromCookie(c *gin.Context) string {
	ck, err := c.Request.Cookie(cookieAccess)
	if err != nil || ck == nil {
		return ""
	}
	return ck.Value
}