use chrono::TimeDelta;
use sqlx::{sqlite::Sqlite, SqliteConnection, Transaction};
use uuid::Uuid;

use super::logins::{Id as LoginId, Login};
use crate::{clock::DateTime, error::BoxedError};

pub trait Provider {
    fn tokens(&mut self) -> Tokens;
}

impl<'c> Provider for Transaction<'c, Sqlite> {
    fn tokens(&mut self) -> Tokens {
        Tokens(self)
    }
}

pub struct Tokens<'t>(&'t mut SqliteConnection);

impl<'c> Tokens<'c> {
    /// Issue a new token for an existing login. The issued_at timestamp will
    /// be used to control expiry, until the token is actually used.
    pub async fn issue(
        &mut self,
        login: &LoginId,
        issued_at: DateTime,
    ) -> Result<String, BoxedError> {
        let secret = Uuid::new_v4().to_string();

        let secret = sqlx::query_scalar!(
            r#"
                insert
                into token (secret, login, issued_at, last_used_at)
                values ($1, $2, $3, $3)
                returning secret as "secret!"
            "#,
            secret,
            login,
            issued_at,
        )
        .fetch_one(&mut *self.0)
        .await?;

        Ok(secret)
    }

    /// Revoke a token by its secret. If there is no such token with that
    /// secret, this will succeed by doing nothing.
    pub async fn revoke(&mut self, secret: &str) -> Result<(), BoxedError> {
        sqlx::query!(
            r#"
                delete
                from token
                where secret = $1
            "#,
            secret,
        )
        .execute(&mut *self.0)
        .await?;

        Ok(())
    }

    /// Expire and delete all tokens that haven't been used within the expiry
    /// interval (right now, 7 days) prior to `expire_at`. Tokens that are in
    /// use within that period will be retained.
    pub async fn expire(&mut self, expire_at: DateTime) -> Result<(), BoxedError> {
        // Somewhat arbitrarily, expire after 7 days.
        let expired_issue_at = expire_at - TimeDelta::days(7);
        sqlx::query!(
            r#"
                delete
                from token
                where last_used_at < $1
            "#,
            expired_issue_at,
        )
        .execute(&mut *self.0)
        .await?;

        Ok(())
    }

    /// Validate a token by its secret, retrieving the associated Login record.
    /// Will return [None] if the token is not valid. The token's last-used
    /// timestamp will be set to `used_at`.
    pub async fn validate(
        &mut self,
        secret: &str,
        used_at: DateTime,
    ) -> Result<Option<Login>, BoxedError> {
        // I would use `update … returning` to do this in one query, but
        // sqlite3, as of this writing, does not allow an update's `returning`
        // clause to reference columns from tables joined into the update. Two
        // queries is fine, but it feels untidy.
        sqlx::query!(
            r#"
                update token
                set last_used_at = $1
                where secret = $2
            "#,
            used_at,
            secret,
        )
        .execute(&mut *self.0)
        .await?;

        let login = sqlx::query_as!(
            Login,
            r#"
                select
                    login.id as "id: LoginId",
                    name
                from login
                join token on login.id = token.login
                where token.secret = $1
            "#,
            secret,
        )
        .fetch_optional(&mut *self.0)
        .await?;

        Ok(login)
    }
}