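use std::fmt;

use chrono::prelude::{DateTime, Utc};
use chrono::serde::ts_seconds;
use chrono::Duration;
use jsonwebtoken::{encode, EncodingKey, Header};
use rocket::http::Status;
use rocket::Response;
use rocket_contrib::json::Json;
use serde::{Deserialize, Serialize};
use uuid::Uuid;

use crate::models::errors::ErrorResponse;
use crate::models::users::{CreateUserRequest, LocalUser};
use crate::DbConn;

/// Claims carried inside the JWT issued by [`create_auth_token`].
///
/// `exp` and `iat` are (de)serialized as Unix timestamps in seconds via
/// `chrono::serde::ts_seconds`.
#[derive(Debug, Serialize, Deserialize)]
struct AuthClaims {
    /// Unique token id; a fresh random UUID per issued token.
    // NOTE(review): nothing in this file records the jti, so it cannot be used
    // for revocation or replay detection here; confirm whether the verifying
    // side tracks it.
    jti: String,
    /// Subject: the id of the authenticated user.
    sub: String,
    /// Expiry time.
    #[serde(with = "ts_seconds")]
    exp: DateTime<Utc>,
    /// Issue time.
    #[serde(with = "ts_seconds")]
    iat: DateTime<Utc>,
}

/// JSON body returned by [`create_auth_token`].
// The derived `Debug` output contains the bearer token; do not log this value.
#[derive(Debug, Serialize)]
pub struct AuthTokenResponse {
    token: String,
}

/// JSON body accepted by [`create_auth_token`].
///
/// `Debug` is implemented by hand (instead of derived) so that a stray `{:?}`
/// in a log or error message cannot write the plaintext password out.
#[derive(Deserialize)]
pub struct AuthTokenRequest {
    username: String,
    password: String,
}

impl fmt::Debug for AuthTokenRequest {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        f.debug_struct("AuthTokenRequest")
            .field("username", &self.username)
            .field("password", &"<redacted>")
            .finish()
    }
}

/// Issues a signed JWT for the user identified by the posted credentials.
///
/// The token's `sub` is the user's id, `iat` is the current UTC time and `exp`
/// is one minute after `iat`.
///
/// # Errors
///
/// Propagates whatever `LocalUser::get_user_by_creds` returns on failure.
///
/// # Panics
///
/// Panics if `jsonwebtoken::encode` returns an error.
// NOTE(review): credential checking is delegated to `get_user_by_creds`, which
// is defined elsewhere. Confirm that it compares against a salted password
// hash and that this endpoint sits behind rate limiting or lockout, since it
// accepts unlimited username/password guesses as written.
#[post("/users/me/token", data = "<auth_request>")]
pub fn create_auth_token(
    conn: DbConn,
    auth_request: Json<AuthTokenRequest>,
) -> Result<Json<AuthTokenResponse>, ErrorResponse<()>> {
    let user_info =
        LocalUser::get_user_by_creds(&conn, &auth_request.username, &auth_request.password)?;

    let iat = Utc::now();
    let claims = AuthClaims {
        jti: Uuid::new_v4().to_simple().to_string(),
        sub: user_info.id,
        // Short lifetime limits how long a leaked token stays usable.
        exp: iat + Duration::minutes(1),
        iat,
    };

    // SECURITY: the signing key is the literal "changeme" compiled into the
    // binary. Anyone who knows that string can produce tokens this service
    // will accept for any `sub`, so the key must come from deployment
    // configuration or a secret store (high entropy, rotatable, never
    // committed). The code that verifies tokens has to change in the same step.
    let signing_key = EncodingKey::from_secret("changeme".as_ref());

    // TODO: map this failure into an `ErrorResponse` instead of panicking.
    // With the default header and a byte secret, an error here would mean the
    // claims failed to serialize, which is a bug rather than bad client input.
    let token = encode(&Header::default(), &claims, &signing_key)
        .expect("signing serializable claims with a byte secret should not fail");

    Ok(Json(AuthTokenResponse { token }))
}

/// Creates a user from the posted JSON and replies `201 Created` with no body.
///
/// # Errors
///
/// Propagates whatever `LocalUser::create_user` returns on failure.
// SECURITY: this handler takes no authenticated-user argument and performs no
// permission check, so any client that can reach `POST /users` can create
// accounts.
// NOTE(review): `CreateUserRequest` is defined elsewhere; if it carries a role
// or privilege field, that field is currently accepted from unauthenticated
// callers. Confirm, and until the check below exists ignore or reject it.
#[post("/users", data = "<user_request>")]
pub fn create_user<'r>(
    conn: DbConn,
    user_request: Json<CreateUserRequest>,
) -> Result<Response<'r>, ErrorResponse<()>> {
    // TODO: Check current user if any to check if user has permission to create users (with or without role)
    let _user_info = LocalUser::create_user(&conn, user_request.into_inner())?;

    Response::build().status(Status::Created).ok()
}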