use uuid::Uuid;

use crate::{
    app::App,
    clock::RequestedAt,
    login::{Login, Password},
    token::{
        extract::{Identity, IdentityToken},
        Secret,
    },
};

pub fn not_logged_in() -> IdentityToken {
    IdentityToken::new()
}

pub async fn logged_in(app: &App, login: &(Login, Password), now: &RequestedAt) -> IdentityToken {
    let (login, password) = login;
    let (_, token) = app
        .tokens()
        .login(&login.name, password, now)
        .await
        .expect("should succeed given known-valid credentials");

    IdentityToken::new().set(token)
}

pub async fn from_token(app: &App, token: &IdentityToken, issued_at: &RequestedAt) -> Identity {
    let secret = token.secret().expect("identity token has a secret");
    let (token, login) = app
        .tokens()
        .validate(&secret, issued_at)
        .await
        .expect("always validates newly-issued secret");

    Identity { token, login }
}

pub async fn identity(app: &App, login: &(Login, Password), issued_at: &RequestedAt) -> Identity {
    let secret = logged_in(app, login, issued_at).await;
    from_token(app, &secret, issued_at).await
}

pub fn secret(identity: &IdentityToken) -> Secret {
    identity.secret().expect("identity contained a secret")
}

pub fn fictitious() -> IdentityToken {
    let token = Uuid::new_v4().to_string();
    IdentityToken::new().set(token)
}