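package com.vega.hrm.service;

import static com.vega.hrm.core.constants.CommonConst.SCOPES;

import com.google.api.client.auth.oauth2.AuthorizationCodeFlow;
import com.google.api.client.auth.oauth2.AuthorizationCodeRequestUrl;
import com.google.api.client.auth.oauth2.BearerToken;
import com.google.api.client.auth.oauth2.Credential;
import com.google.api.client.auth.oauth2.TokenResponse;
import com.google.api.client.googleapis.auth.oauth2.GoogleAuthorizationCodeFlow;
import com.google.api.client.googleapis.auth.oauth2.GoogleClientSecrets;
import com.google.api.client.googleapis.auth.oauth2.GoogleTokenResponse;
import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.JsonFactory;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.oauth2.Oauth2;
import com.vega.hrm.core.component.TokenStore;
import com.vega.hrm.core.entities.UserGoogleToken;
import com.vega.hrm.core.models.responses.BaseResponse;
import com.vega.hrm.core.dto.GoogleOAuthConfig;
import com.google.api.services.oauth2.model.Userinfo;
import com.vega.hrm.core.repositories.UserGoogleTokenRepository;
import com.vega.hrm.dto.CustomTokenResponse;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.time.Instant;
import java.util.Objects;
import java.util.UUID;
import lombok.RequiredArgsConstructor;
import lombok.Setter;
import org.springframework.stereotype.Service;

/**
 * Drives the Google OAuth 2.0 authorization-code flow for the application.
 *
 * <p>{@link #getGoogleAuthUrl()} builds the consent URL the browser is sent to, and
 * {@link #googleCallback(String)} exchanges the returned code for tokens, looks up the
 * account's e-mail address through the userinfo endpoint and stores the tokens.
 */
@Service
@RequiredArgsConstructor
public class GoogleService {

  private static final JsonFactory JSON_FACTORY = JacksonFactory.getDefaultInstance();

  private final TokenStore tokenStore;
  private final UserGoogleTokenRepository userGoogleTokenRepository;
  private final GoogleOAuthConfig googleOAuthConfig;

  /**
   * Builds the Google consent URL for the configured client, scopes and redirect URI.
   *
   * @return a success response (code {@code "00"}) carrying the URL as a string, or an
   *     invalid response carrying the exception message when the trusted HTTP transport
   *     cannot be created
   */
  public BaseResponse getGoogleAuthUrl() {
    NetHttpTransport httpTransport;
    try {
      httpTransport = GoogleNetHttpTransport.newTrustedTransport();
    } catch (GeneralSecurityException | IOException e) {
      return BaseResponse.invalid(e.getMessage());
    }

    AuthorizationCodeFlow flow = buildFlow(httpTransport);

    // NOTE(review): the URL is built without a `state` value, so the callback has nothing
    // to bind the returned code to the browser session that started the flow (login CSRF).
    // Adding one needs a per-session random value set here and compared in the callback,
    // which means changing googleCallback's signature; left to the caller-facing layer.
    AuthorizationCodeRequestUrl authorizationUrl =
        flow.newAuthorizationUrl().setRedirectUri(googleOAuthConfig.redirectUri);
    return BaseResponse.success("00", authorizationUrl.toString());
  }

  /**
   * Completes the flow: exchanges {@code code} for tokens, reads the account's e-mail from
   * the userinfo endpoint, persists a {@link UserGoogleToken} row when none exists for that
   * e-mail, and hands the token response to the {@link TokenStore}.
   *
   * @param code the authorization code Google appended to the redirect URI
   * @return a success response (code {@code "00"}, payload {@code true}), or an invalid
   *     response when the code is missing, the transport cannot be created, the token
   *     exchange or userinfo call fails, or the profile carries no e-mail address
   */
  public BaseResponse googleCallback(String code) {
    // Reject an absent code up front instead of failing inside the client library.
    if (code == null || code.trim().isEmpty()) {
      return BaseResponse.invalid("Missing authorization code");
    }

    NetHttpTransport httpTransport;
    try {
      httpTransport = GoogleNetHttpTransport.newTrustedTransport();
    } catch (GeneralSecurityException | IOException e) {
      // Fix: the original built this response but did not return it, then carried on
      // with a null transport.
      return BaseResponse.invalid(e.getMessage());
    }

    AuthorizationCodeFlow flow = buildFlow(httpTransport);

    // NOTE(review): the exception message is passed straight back to the caller here and
    // below; it may carry upstream response details. Consider logging it server-side and
    // returning a generic message.
    GoogleTokenResponse tokenResponse;
    try {
      tokenResponse =
          (GoogleTokenResponse)
              flow.newTokenRequest(code).setRedirectUri(googleOAuthConfig.redirectUri).execute();
    } catch (IOException e) {
      return BaseResponse.invalid(e.getMessage());
    }

    Credential credential =
        new Credential(BearerToken.authorizationHeaderAccessMethod())
            .setAccessToken(tokenResponse.getAccessToken());
    Oauth2 oauth2 =
        new Oauth2.Builder(httpTransport, JSON_FACTORY, credential)
            .setApplicationName("VEGA_HRM")
            .build();

    Userinfo userInfo;
    try {
      userInfo = oauth2.userinfo().get().execute();
    } catch (IOException e) {
      return BaseResponse.invalid(e.getMessage());
    }

    // The e-mail is the lookup key for both the repository and the token store, so a
    // profile without one must not reach them.
    String email = userInfo.getEmail();
    if (email == null || email.trim().isEmpty()) {
      return BaseResponse.invalid("Google account did not return an email address");
    }
    // NOTE(review): the record is keyed on e-mail alone. Consider also requiring
    // userInfo.getVerifiedEmail() and keying on the stable account id; confirm against
    // how callers resolve users.

    var userGoogleToken = userGoogleTokenRepository.findUserGoogleTokenByEmail(email);
    if (userGoogleToken == null) {
      Instant now = Instant.now();
      Long accessTtlSeconds = tokenResponse.getExpiresInSeconds();
      Object refreshTtlRaw = tokenResponse.get("refresh_token_expires_in");

      userGoogleToken = new UserGoogleToken();
      userGoogleToken.setId(UUID.randomUUID());
      userGoogleToken.setEmail(email);
      // NOTE(review): access and refresh tokens are handed to the repository as-is;
      // whether they are encrypted at rest cannot be seen from this class. Confirm.
      userGoogleToken.setAccessToken(tokenResponse.getAccessToken());
      userGoogleToken.setRefreshToken(tokenResponse.getRefreshToken());
      userGoogleToken.setScope(tokenResponse.getScope());
      userGoogleToken.setExpiresIn(tokenResponse.getExpiresInSeconds());
      // NOTE(review): this stores the access-token lifetime in the refresh-token field;
      // "refresh_token_expires_in" looks like the intended source. Kept as in the
      // original because the setter's parameter type is not visible here.
      userGoogleToken.setRefreshTokenExpiresIn(tokenResponse.getExpiresInSeconds());
      // Fix: a missing expires_in no longer unboxes null inside plusSeconds.
      if (accessTtlSeconds != null) {
        userGoogleToken.setExpiresAt(now.plusSeconds(accessTtlSeconds));
      }
      userGoogleToken.setTokenType(tokenResponse.getTokenType());
      // Fix: the original's `cond ? Long : null` unboxed null when the field was absent
      // and threw NullPointerException; the expiry is now only set when it is present.
      if (refreshTtlRaw != null) {
        userGoogleToken.setRefreshTokenExpiresAt(
            now.plusSeconds(Long.parseLong(refreshTtlRaw.toString())));
      }
      userGoogleToken.setCreatedAt(now);
      userGoogleTokenRepository.save(userGoogleToken);
    }
    // NOTE(review): when a row already exists its tokens are left untouched, so the
    // persisted access/refresh tokens go stale after a re-consent; only the TokenStore
    // receives the new response. Confirm this is intended.

    tokenStore.storeToken(email, tokenResponse);
    return BaseResponse.success("00", true);
  }

  /**
   * Builds the authorization-code flow shared by both public methods from the configured
   * client id, client secret and {@code SCOPES}, requesting offline access with a forced
   * approval prompt.
   */
  private AuthorizationCodeFlow buildFlow(NetHttpTransport httpTransport) {
    GoogleClientSecrets.Details details = new GoogleClientSecrets.Details();
    details.setClientId(googleOAuthConfig.clientId);
    details.setClientSecret(googleOAuthConfig.clientSecret);
    GoogleClientSecrets clientSecrets = new GoogleClientSecrets().setInstalled(details);

    return new GoogleAuthorizationCodeFlow.Builder(
            httpTransport, JSON_FACTORY, clientSecrets, SCOPES)
        .setAccessType("offline")
        .setApprovalPrompt("force")
        .build();
  }
}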