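using System;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using BlackRock.Reporting.API.Core.Models;
using Microsoft.AspNetCore.Identity;

namespace BlackRock.Reporting.API.Authentication
{
    /// <summary>
    /// Issues, validates and revokes per-user refresh tokens. Tokens are produced by
    /// the Identity user-token provider registered under "MyApp" and persisted through
    /// the Identity authentication-token store (one token per user, named "RefreshToken").
    /// </summary>
    /// <remarks>
    /// NOTE(review): the generic arguments on <c>UserManager</c> and <c>Task</c> were
    /// missing from the extracted source (angle brackets stripped) and have been restored
    /// to <c>UserManager&lt;ApplicationUser&gt;</c>, <c>Task&lt;string&gt;</c> and
    /// <c>Task&lt;bool&gt;</c> to match the values the methods actually return — confirm
    /// against <c>IRefreshTokenManager</c>.
    /// NOTE(review): the token is stored in the Identity token store as the raw value,
    /// not as a hash; a reader of that store holds a usable refresh token until it is
    /// removed or the provider rejects it.
    /// </remarks>
    public class RefreshTokenManager : IRefreshTokenManager
    {
        // Name of the Identity token provider used to generate/verify the token. The same
        // string doubles as the loginProvider key in the authentication-token store.
        private const string TokenProvider = "MyApp";

        // Purpose string passed to the provider; also used as the tokenName key in the store.
        private const string TokenPurpose = "RefreshToken";

        private readonly UserManager<ApplicationUser> userManager;

        /// <summary>Creates a manager backed by the given Identity <see cref="UserManager{TUser}"/>.</summary>
        /// <param name="userManager">Identity user manager used for token generation, storage and verification.</param>
        /// <exception cref="ArgumentNullException"><paramref name="userManager"/> is null.</exception>
        public RefreshTokenManager(UserManager<ApplicationUser> userManager)
        {
            this.userManager = userManager ?? throw new ArgumentNullException(nameof(userManager));
        }

        /// <summary>
        /// Generates a new refresh token for <paramref name="user"/>, replaces any stored
        /// token with it, and returns the value that was actually persisted.
        /// </summary>
        /// <param name="user">The user the token is issued for.</param>
        /// <returns>The newly stored refresh token.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="InvalidOperationException">The token store rejected the write.</exception>
        /// <exception cref="UnauthorizedAccessException">The persisted token could not be read back or fails provider verification.</exception>
        public async Task<string> GenerateRefreshToken(ApplicationUser user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var newRefreshToken = await userManager.GenerateUserTokenAsync(user, TokenProvider, TokenPurpose);

            // The original ignored this IdentityResult; a failed write would otherwise be
            // masked by the read-back below returning a stale (still verifiable) token.
            var setResult = await userManager.SetAuthenticationTokenAsync(user, TokenProvider, TokenPurpose, newRefreshToken);
            if (!setResult.Succeeded)
            {
                throw new InvalidOperationException("Failed to store refresh token");
            }

            // Read back what was persisted and let the provider confirm it, so a store or
            // provider misconfiguration surfaces at issue time rather than at first refresh.
            var storedToken = await userManager.GetAuthenticationTokenAsync(user, TokenProvider, TokenPurpose);
            if (storedToken is null
                || !await userManager.VerifyUserTokenAsync(user, TokenProvider, TokenPurpose, storedToken))
            {
                throw new UnauthorizedAccessException("Invalid token passed");
            }

            return storedToken;
        }

        /// <summary>Removes the stored refresh token for <paramref name="user"/>, if any.</summary>
        /// <param name="user">The user whose token is revoked.</param>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        public async Task RemoveRefreshToken(ApplicationUser user)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            await userManager.RemoveAuthenticationTokenAsync(user, TokenProvider, TokenPurpose);
        }

        /// <summary>
        /// Checks that <paramref name="refreshToken"/> is the token currently stored for
        /// <paramref name="user"/> and that the token provider still accepts it.
        /// </summary>
        /// <param name="user">The user presenting the token.</param>
        /// <param name="refreshToken">The token value presented by the client.</param>
        /// <returns><c>true</c> when the token is accepted; the method throws otherwise.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="user"/> is null.</exception>
        /// <exception cref="UnauthorizedAccessException">No token is stored, the presented value differs from it, or the provider rejects it.</exception>
        public async Task<bool> ValidateRefreshToken(ApplicationUser user, string refreshToken)
        {
            if (user is null)
            {
                throw new ArgumentNullException(nameof(user));
            }

            var storedToken = await userManager.GetAuthenticationTokenAsync(user, TokenProvider, TokenPurpose);
            if (storedToken is null || refreshToken is null || !TokensMatch(storedToken, refreshToken))
            {
                throw new UnauthorizedAccessException("Invalid token passed");
            }

            // The original only compared strings, so nothing the provider encoded at
            // generation time (for a DataProtectorTokenProvider: its lifespan and the
            // user's security stamp) was ever re-checked and a stored token never expired.
            // NOTE(review): assumes "MyApp" is a stateless provider whose tokens verify
            // until they expire — TODO confirm against the Identity registration.
            if (!await userManager.VerifyUserTokenAsync(user, TokenProvider, TokenPurpose, refreshToken))
            {
                throw new UnauthorizedAccessException("Invalid token passed");
            }

            return true;
        }

        // Compares the presented token with the stored one without short-circuiting on
        // the first differing character, so response timing does not reveal how much of
        // the token matched. A length mismatch is still reported immediately.
        private static bool TokensMatch(string expected, string presented)
        {
            return CryptographicOperations.FixedTimeEquals(
                Encoding.UTF8.GetBytes(expected),
                Encoding.UTF8.GetBytes(presented));
        }
    }
}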