pub use microrm::{Schema, Entity, Modelable};
use serde::{Deserialize, Serialize};

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Session {
    pub key: String,
    // TODO: add expiry here
}

microrm::make_index!(!SessionKeyIndex, Session::Key);

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct SessionAuthentication {
    #[microrm_foreign]
    pub session: SessionID,
    #[microrm_foreign]
    pub realm: RealmID,
    #[microrm_foreign]
    pub user: UserID,

    pub challenges_left: Vec<AuthChallengeType>,
}

// **** oauth types ****
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Realm {
    pub shortname: String,
}

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Key {
    #[microrm_foreign]
    pub realm: RealmID,
    pub key_id: String,
    #[serde(with = "serde_bytes")]
    pub keydata: Vec<u8>,
}

/// End-user representation object
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct User {
    #[microrm_foreign]
    pub realm: RealmID,
    pub username: String,
}

#[derive(Clone, Copy, Debug, PartialEq, Modelable, Serialize, Deserialize)]
pub enum AuthChallengeType {
    Username,
    Password,
    TOTP,
    Grid,
    WebAuthn,
}

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct AuthChallenge {
    #[microrm_foreign]
    pub user: UserID,
    pub challenge_type: AuthChallengeType,
    #[serde(with = "serde_bytes")]
    pub public: Vec<u8>,
    #[serde(with = "serde_bytes")]
    pub secret: Vec<u8>,
}

/// User semantic grouping
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Group {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// User membership in group
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct GroupMembership {
    pub group: GroupID,
    pub user: UserID,
}

/// OAuth2 client representation
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Client {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
    pub secret: String,
}

microrm::make_index!(
    !ClientNameIndex,
    Client::Realm,
    Client::Shortname
);

#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct ClientRedirect {
    #[microrm_foreign]
    pub client: ClientID,
    pub redirect: String,
}

/// Requested group of permissions
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Scope {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// Specific atomic permission
#[derive(Debug, Entity, Serialize, Deserialize)]
pub struct Role {
    #[microrm_foreign]
    pub realm: RealmID,
    pub shortname: String,
}

/// Role membership in scope
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct ScopeRole {
    pub scope: ScopeID,
    pub role: RoleID,
}

/// Assigned permissions in group
#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct GroupRole {
    pub scope: ScopeID,
    pub role: RoleID,
}

#[derive(Debug, Entity,Serialize,Deserialize)]
pub struct RevokedToken {
    pub user: UserID,
    pub nonce: String,
}

pub fn schema() -> Schema {
    Schema::new()
        .entity::<Session>()
        .index::<SessionKeyIndex>()
        .entity::<SessionAuthentication>()
        // oauth types
        .entity::<Realm>()
        .entity::<Key>()
        .entity::<User>()
        .entity::<AuthChallenge>()
        .entity::<Group>()
        .entity::<Client>()
        .index::<ClientNameIndex>()
        .entity::<ClientRedirect>()
        .entity::<Scope>()
        .entity::<Role>()
        .entity::<ScopeRole>()
        .entity::<GroupRole>()
        .entity::<RevokedToken>()
}