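use crate::{
    key::{HMacType, KeyType},
    schema, UIDCError,
};
use microrm::prelude::*;

// NOTE(review): the `realm` parameter type was mangled in the extracted listing (the leading
// `&microrm` was collapsed and the generic argument dropped). `&microrm::Stored<schema::Realm>`
// is reconstructed from how `realm` is used below (`realm.clients`, `realm.id()`); confirm the
// type argument against the schema module.

/// Generates a fresh client secret: 32 bytes from `ring`'s `SystemRandom`, base64-encoded.
///
/// # Errors
///
/// Returns `UIDCError::Abort` if the random source fails, so a failing RNG surfaces as an
/// ordinary error to the caller instead of a panic.
fn generate_client_secret() -> Result<String, UIDCError> {
    let rng = ring::rand::SystemRandom::new();
    let raw: [u8; 32] = ring::rand::generate(&rng)
        .map_err(|_| UIDCError::Abort("could not generate client secret"))?
        .expose();
    Ok(base64::encode(raw))
}

/// Registers a new client named `name` in `realm`.
///
/// The client gets a freshly generated secret, `key_type` as its access key type, HMAC-SHA256
/// as its refresh key type, direct grants disabled, and default redirects and scopes.
///
/// The generated secret is not returned; it is only written to the `secret` field of the
/// stored client.
///
/// # Errors
///
/// Returns `UIDCError::Abort` if secret generation fails, and propagates any error from the
/// insert.
pub fn create(
    lease: &mut microrm::ConnectionLease,
    realm: &microrm::Stored<schema::Realm>,
    name: &String,
    key_type: KeyType,
) -> Result<(), UIDCError> {
    // NOTE(review): the secret is persisted as the base64 of the raw bytes, not as a hash, so
    // read access to the client table yields usable client credentials. Presumably the
    // verification path compares against this stored value; if so, storing a hash of the
    // secret would need a matching change there.
    let secret = generate_client_secret()?;

    realm.clients.insert(
        lease,
        schema::Client {
            realm: realm.id(),
            shortname: name.into(),
            secret,
            access_key_type: key_type.into(),
            refresh_key_type: KeyType::HMac(HMacType::Sha256).into_serialized(),
            direct_grant_enabled: false,
            redirects: Default::default(),
            scopes: Default::default(),
        },
    )?;
    Ok(())
}

/// Replaces the secret of the client named `name` in `realm` with a freshly generated one.
///
/// The previous secret is overwritten in place, and the new secret is not returned.
///
/// # Errors
///
/// Returns `UIDCError::Abort("no such client")` if no client with that short name is found,
/// `UIDCError::Abort` if secret generation fails, and propagates database errors.
pub fn rotate_secret(
    lease: &mut microrm::ConnectionLease,
    realm: &microrm::Stored<schema::Realm>,
    name: &str,
) -> Result<(), UIDCError> {
    // Look the client up first so a missing client is reported before any entropy is drawn.
    let mut client = realm
        .clients
        .with(schema::Client::Shortname, name)
        .first()
        .get(lease)?
        .ok_or(UIDCError::Abort("no such client"))?;

    client.secret = generate_client_secret()?;
    client.sync(lease)?;
    Ok(())
}

/// Adds `pattern` to the redirect patterns of the client named `name` in `realm`.
///
/// # Errors
///
/// Returns `UIDCError::Abort("no such client")` if the client does not exist, and propagates
/// database errors.
pub fn add_redirect(
    lease: &mut microrm::ConnectionLease,
    realm: &microrm::Stored<schema::Realm>,
    name: &str,
    pattern: &str,
) -> Result<(), UIDCError> {
    let Some(client) = realm.clients.keyed((realm.id(), name)).get(lease)? else {
        return Err(UIDCError::Abort("no such client"));
    };

    // NOTE(review): `pattern` is stored exactly as given, with no validation here. How
    // redirect patterns are matched is not visible in this file; if matching is regex- or
    // prefix-based, an empty or unanchored pattern could accept redirect URIs the operator
    // never intended. Confirm the matcher anchors patterns, or validate here.
    client.redirects.insert(
        lease,
        schema::ClientRedirect {
            redirect_pattern: pattern.into(),
        },
    )?;
    Ok(())
}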