mod types;
mod oauth;
mod msa;

use std::error::Error;
use std::fmt::{Display, Formatter};
use std::ops::Add;
use std::time::{Duration, Instant, SystemTime};
use chrono::{DateTime, NaiveDateTime, TimeDelta, Utc};
use oauth2::{AccessToken, AuthType, AuthUrl, ClientId, DeviceAuthorizationUrl, HttpClientError, RefreshToken, RequestTokenError, Scope, StandardTokenResponse, TokenResponse, TokenUrl};
use oauth2::basic::{BasicErrorResponse, BasicTokenResponse};
pub use types::*;

#[derive(Debug)]
pub enum AuthError {
    Request { what: &'static str, error: reqwest::Error },
    OAuthRequestToken { what: &'static str, error: RequestTokenError<HttpClientError<reqwest::Error>, BasicErrorResponse> },
    Internal(String),
    Timeout
}

impl Display for AuthError {
    fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
        match self {
            AuthError::Request { what, error } => write!(f, "auth request error ({}): {}", what, error),
            AuthError::OAuthRequestToken { what, error } => write!(f, "oauth error requesting token ({what}): {error}"),
            AuthError::Internal(msg) => write!(f, "internal auth error: {}", msg),
            AuthError::Timeout => f.write_str("interactive authentication timed out")
        }
    }
}

impl Error for AuthError {
    fn source(&self) -> Option<&(dyn Error + 'static)> {
        match self {
            AuthError::Request { error, .. } => Some(error),
            AuthError::OAuthRequestToken { error, .. } => Some(error),
            _ => None
        }
    }
}

impl Token {
    fn is_expired(&self, now: DateTime<Utc>) -> bool {
        self.expire.is_some_and(|exp| now < exp)
    }
}

macro_rules! create_oauth_client {
    ($is_azure_client_id:expr) => {
        if is_azure_client_id {
            oauth2::Client::new(self.client_id.clone())
                .set_token_uri(TokenUrl::new("https://login.microsoftonline.com/consumers/oauth2/v2.0/token".into()).expect("hardcoded url"))
                .set_device_authorization_url(DeviceAuthorizationUrl::new("https://login.microsoftonline.com/consumers/oauth2/v2.0/devicecode".into()).expect("hardcoded url"))
            as oauth2::Client<BasicErrorResponse, BasicTokenResponse, _, _, _, _, _, _, _, _>
        } else {
            oauth2::Client::new(self.client_id.clone())
                .set_token_uri(TokenUrl::new("https://login.live.com/oauth20_token.srf".into()).expect("hardcoded url"))
                .set_device_authorization_url(DeviceAuthorizationUrl::new("https://login.live.com/oauth20_connect.srf".into()).expect("hardcoded url"))
            as oauth2::Client<BasicErrorResponse, BasicTokenResponse, _, _, _, _, _, _, _, _>
        }
    }
}

const AZURE_LOGIN_SCOPES: &[&str] = ["XboxLive.signin", "offline_access"].as_slice();
const NON_AZURE_LOGIN_SCOPES: &[&str] = ["service::user.auth.xboxlive.com::MBI_SSL"].as_slice();

impl MsaUser {
    pub fn create_client(&self) -> reqwest::Client {
        reqwest::ClientBuilder::new()
            .redirect(reqwest::redirect::Policy::none())
            .build().expect("building client should succeed")
    }

    fn scopes_iter(&self) -> impl Iterator<Item = Scope> {
        let to_scope = |f: &&str| Scope::new(String::from(*f));

        if self.is_azure_client_id {
            AZURE_LOGIN_SCOPES.iter().map(to_scope)
        } else {
            NON_AZURE_LOGIN_SCOPES.iter().map(to_scope)
        }
    }

    // uses an access token from, for example, a device code grant logs into xbox live
    async fn xbl_log_in(&mut self, token: &AccessToken) {

    }

    async fn refresh_access_token(&mut self, client: reqwest::Client) -> Result<BasicTokenResponse, AuthError> {
        let oauth_client = create_oauth_client!(self.is_azure_client_id);
        let refresh_token = self.refresh_token.as_ref().expect("refresh_access_token called with no refresh token");

        let tokenres: BasicTokenResponse = oauth_client
            .exchange_refresh_token(refresh_token)
            .add_scopes(self.scopes_iter())
            .request_async(&client)
            .await.map_err(|e| AuthError::OAuthRequestToken { what: "refresh", error: e })?;

        self.refresh_token = tokenres.refresh_token().cloned();

        todo!()
    }

    // ensure we have an xbox live token for this person
    // tasks for this function:
    //  - check if the XBL token is valid/not expired
    //  - if it is expired, try to use refresh token to get a new one
    //    - get rid of auth token if yeah
    async fn ensure_xbl(&mut self, client: reqwest::Client) -> Result<(), AuthError> {
        todo!()
    }

    async fn log_in_silent(&mut self, client: reqwest::Client) -> Result<(), AuthError> {
        let now: DateTime<Utc> = SystemTime::now().into();

        if self.auth_token.as_ref().is_some_and(|tok| !tok.is_expired(now.add(TimeDelta::hours(12)))) {

        }

        todo!()
    }
}

#[cfg(test)]
mod test {
    use reqwest::Client;
    use crate::auth::oauth::device_code;
    use super::*;

    #[tokio::test]
    async fn abc() {
        simple_logger::SimpleLogger::new().with_colors(true).with_level(log::LevelFilter::Trace).init().unwrap();
        
        _=device_code::DeviceCodeAuthBuilder::new()
            .client_id("00000000402b5328")
            .add_scope("service::user.auth.xboxlive.com::MBI_SSL", true)
            .code_request_url("https://login.live.com/oauth20_connect.srf")
            .check_url("https://login.live.com/oauth20_token.srf")
            .begin(Client::new()).await.unwrap().drive().await;
    }
}