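// Package middleware provides the gin authentication middleware and the JWT
// helpers that issue and verify the session token carried in a cookie.
package middleware

import (
	"errors"
	"net/http"
	"time"

	"github.com/gin-gonic/gin"
	"github.com/golang-jwt/jwt/v5"
	log "github.com/sirupsen/logrus"

	"rkkvm/config"
)

// Token is the claim set embedded in every session JWT: the authenticated
// username plus the registered claims (only ExpiresAt is set by GenerateJWT).
type Token struct {
	Username string `json:"username"`
	jwt.RegisteredClaims
}

const (
	// ExpireDuration is the lifetime of an issued token (31 days).
	// NOTE(review): no server-side revocation is visible in this file, so a
	// copied cookie would stay usable until it expires; confirm whether
	// logout or a password change invalidates tokens elsewhere.
	ExpireDuration = 31 * 24 * time.Hour // Month
)

var (
	// errMissingSecret is returned when the configured signing secret is
	// empty. HMAC accepts a zero-length key, so signing or verifying with it
	// would produce tokens that need no secret to mint.
	errMissingSecret = errors.New("jwt signing secret is not configured")

	// errInvalidToken is returned when a token parses without error but does
	// not carry the expected claim type or is not marked valid.
	errInvalidToken = errors.New("invalid token")
)

// CheckToken returns a gin middleware that lets a request through only when
// it carries a cookie holding a JWT that ParseJWT accepts. When conf.Auth is
// false every request is passed on unauthenticated. The cookie is read from
// "nano-kvm-token" when conf.NanoKVMUISupport is set and from "auth-token"
// otherwise. The parsed claims are discarded: only the token's validity is
// checked, the username is not exposed to later handlers.
func CheckToken() gin.HandlerFunc {
	return func(c *gin.Context) {
		conf := config.Get()
		if !conf.Auth {
			c.Next()
			return
		}

		cookieName := "auth-token"
		if conf.NanoKVMUISupport {
			cookieName = "nano-kvm-token"
		}

		// A missing cookie and a rejected token get the same 401, so the
		// response does not reveal why authentication failed.
		if cookie, err := c.Cookie(cookieName); err == nil {
			if _, err = ParseJWT(cookie); err == nil {
				c.Next()
				return
			}
		}

		c.AbortWithStatusJSON(http.StatusUnauthorized, "unauthorized")
	}
}

// GenerateJWT issues an HS256-signed token for username that expires
// ExpireDuration from now. It returns an error, rather than a token signed
// with an empty key, when no signing secret is configured.
func GenerateJWT(username string) (string, error) {
	secret := []byte(config.Get().AuthSecret)
	if len(secret) == 0 {
		return "", errMissingSecret
	}

	claims := Token{
		Username: username,
		RegisteredClaims: jwt.RegisteredClaims{
			ExpiresAt: jwt.NewNumericDate(time.Now().Add(ExpireDuration)),
		},
	}

	return jwt.NewWithClaims(jwt.SigningMethodHS256, claims).SignedString(secret)
}

// ParseJWT verifies jwtToken against the configured secret and returns its
// claims. Only HS256 is accepted, matching what GenerateJWT issues. Every
// failure path returns a non-nil error, so callers that test err alone (as
// CheckToken does) cannot mistake a rejected token for a valid one.
func ParseJWT(jwtToken string) (*Token, error) {
	secret := []byte(config.Get().AuthSecret)
	if len(secret) == 0 {
		return nil, errMissingSecret
	}

	parsed, err := jwt.ParseWithClaims(
		jwtToken,
		&Token{},
		func(*jwt.Token) (interface{}, error) { return secret, nil },
		// Pin the algorithm instead of trusting the token's own "alg" header.
		jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}),
	)
	if err != nil {
		log.Debugf("parse jwt error: %s", err)
		return nil, err
	}

	claims, ok := parsed.Claims.(*Token)
	if !ok || !parsed.Valid {
		// err is nil on this path; returning it would yield (nil, nil) and
		// read as success to a caller that only checks the error.
		return nil, errInvalidToken
	}
	return claims, nil
}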