package services

import (
	"fmt"

	"git.solsynth.dev/hydrogen/identity/pkg/models"
	"git.solsynth.dev/hydrogen/identity/pkg/security"
	"github.com/gofiber/fiber/v2"
)

func Authenticate(access, refresh string, depth int) (models.Account, string, string, error) {
	var user models.Account
	claims, err := security.DecodeJwt(access)
	if err != nil {
		if len(refresh) > 0 && depth < 1 {
			// Auto refresh and retry
			access, refresh, err := security.RefreshToken(refresh)
			if err == nil {
				return Authenticate(access, refresh, depth+1)
			}
		}
		return user, access, refresh, fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth key: %v", err))
	}

	session, err := LookupSessionWithToken(claims.ID)
	if err != nil {
		return user, access, refresh, fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid auth session: %v", err))
	} else if err := session.IsAvailable(); err != nil {
		return user, access, refresh, fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("unavailable auth session: %v", err))
	}

	user, err = GetAccount(session.AccountID)
	if err != nil {
		return user, access, refresh, fiber.NewError(fiber.StatusUnauthorized, fmt.Sprintf("invalid account: %v", err))
	}

	return user, access, refresh, nil
}