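using Microsoft.Extensions.Caching.Memory;

namespace IOL.GreatOffice.Api.Services;

/// <summary>
/// Reads KV secrets from a HashiCorp Vault server over HTTP and keeps the last
/// result in an <see cref="IMemoryCache"/> entry for <c>VAULT_CACHE_TTL</c> seconds.
/// </summary>
// NOTE(review): the generic type arguments below (Get<T>, GetValue<string>, List<string>, ...)
// were reconstructed from how the members are used, because the listing had lost its
// angle-bracketed text. Confirm them against the repository copy.
public class VaultService {
    private readonly HttpClient _client;
    private readonly IMemoryCache _cache;
    private readonly IConfiguration _configuration;

    // Cache lifetime in seconds (it is passed to TimeSpan.FromSeconds in Get).
    private int CACHE_TTL { get; set; }

    /// <summary>
    /// Configures the injected <see cref="HttpClient"/> with the Vault address and token.
    /// </summary>
    /// <param name="client">HTTP client that will carry the X-Vault-Token header on every request.</param>
    /// <param name="configuration">Source of VAULT_TOKEN, VAULT_URL and VAULT_CACHE_TTL.</param>
    /// <param name="cache">Memory cache that holds the fetched secret payload.</param>
    /// <exception cref="ApplicationException">VAULT_TOKEN or VAULT_URL is missing or blank.</exception>
    public VaultService(HttpClient client, IConfiguration configuration, IMemoryCache cache) {
        var token = configuration.GetValue<string>(AppEnvironmentVariables.VAULT_TOKEN);
        var vaultUrl = configuration.GetValue<string>(AppEnvironmentVariables.VAULT_URL);
        // Default TTL is 12 hours when VAULT_CACHE_TTL is not configured.
        CACHE_TTL = configuration.GetValue(AppEnvironmentVariables.VAULT_CACHE_TTL, 60 * 60 * 12);

        if (token.IsNullOrWhiteSpace()) {
            throw new ApplicationException("VAULT_TOKEN is empty");
        }

        if (vaultUrl.IsNullOrWhiteSpace()) {
            throw new ApplicationException("VAULT_URL is empty");
        }

        // NOTE(review): the token is attached as a default header and sent to whatever host
        // VAULT_URL names; nothing here requires an https:// scheme. Consider rejecting
        // non-TLS URLs outside local development so the token never travels in clear text.
        client.DefaultRequestHeaders.Add("X-Vault-Token", token);
        client.BaseAddress = new Uri(vaultUrl);

        _client = client;
        _cache = cache;
        _configuration = configuration;
    }

    // NOTE(review): public static mutable state that nothing in this class reads or writes;
    // kept only so existing external references keep compiling.
    public static object Data { get; set; }

    /// <summary>
    /// Returns the secret stored at <paramref name="path"/> under the <c>kv</c> mount,
    /// serving it from the memory cache when an entry exists.
    /// </summary>
    /// <typeparam name="T">Type the secret's JSON payload is deserialized into.</typeparam>
    /// <param name="path">Secret path appended to <c>/v1/kv/data/</c>.</param>
    /// <returns>The deserialized secret, or <c>default</c> when Vault returned no data.</returns>
    public T Get<T>(string path) {
        // NOTE(review): the cache key is one constant, independent of path and T. A second
        // call with a different path gets the first path's cached value back (or fails the
        // cast when T differs). Left unchanged because Refresh() and possibly other code
        // evict by this exact key; consider keying by path.
        return _cache.GetOrCreate(AppConstants.VAULT_CACHE_KEY, cacheEntry => {
            cacheEntry.AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(CACHE_TTL);

            // NOTE(review): .Result blocks the calling thread on the HTTP request and wraps
            // failures in AggregateException; kept because this factory is synchronous.
            var getSecretResponse = _client
                .GetFromJsonAsync<GetSecretResponse<T>>("/v1/kv/data/" + path)
                .Result;

            // Also guard the inner envelope: a body without "data" would otherwise
            // throw a NullReferenceException on the dereference below.
            if (getSecretResponse?.Data == null) {
                return default;
            }

            // Log only the path and TTL. The secret payload must never reach the log sink,
            // where it would outlive the cache entry and be readable by anyone with log access.
            Log.Debug("Setting new Vault cache, " + new { PATH = path, CACHE_TTL });

            return getSecretResponse.Data.Data ?? default;
        });
    }

    /// <summary>
    /// Evicts the cached secret, re-reads the TTL from configuration and fetches
    /// <paramref name="path"/> again.
    /// </summary>
    /// <typeparam name="T">Type the secret's JSON payload is deserialized into.</typeparam>
    /// <param name="path">Secret path appended to <c>/v1/kv/data/</c>.</param>
    /// <returns>The freshly fetched secret, or <c>default</c> when Vault returned no data.</returns>
    public T Refresh<T>(string path) {
        _cache.Remove(AppConstants.VAULT_CACHE_KEY);
        CACHE_TTL = _configuration.GetValue(AppEnvironmentVariables.VAULT_CACHE_TTL, 60 * 60 * 12);
        return Get<T>(path);
    }

    /// <summary>
    /// Asks Vault to renew <paramref name="token"/> via <c>v1/auth/token/renew</c>.
    /// </summary>
    /// <param name="token">Token to renew; it is sent in the JSON request body.</param>
    /// <returns>
    /// The parsed renewal response, or <c>default</c> for any non-success status code.
    /// Callers cannot tell a denied renewal from a transport-level rejection.
    /// </returns>
    public async Task<RenewTokenResponse> RenewTokenAsync(string token) {
        var response = await _client.PostAsJsonAsync("v1/auth/token/renew", new { Token = token });
        if (!response.IsSuccessStatusCode) {
            return default;
        }

        return await response.Content.ReadFromJsonAsync<RenewTokenResponse>();
    }

    /// <summary>Returns the application configuration stored at the MAIN_CONFIG_SHEET path (cached).</summary>
    public AppConfiguration GetCurrentAppConfiguration() {
        var path = _configuration.GetValue<string>(AppEnvironmentVariables.MAIN_CONFIG_SHEET);
        return Get<AppConfiguration>(path);
    }

    /// <summary>Evicts the cache and re-fetches the application configuration from Vault.</summary>
    public AppConfiguration RefreshCurrentAppConfiguration() {
        var path = _configuration.GetValue<string>(AppEnvironmentVariables.MAIN_CONFIG_SHEET);
        return Refresh<AppConfiguration>(path);
    }

    // NOTE(review): Vault emits snake_case keys (request_id, lease_duration, client_token, ...).
    // No naming policy or [JsonPropertyName] is applied in this file, so the multi-word
    // properties on the DTOs below presumably stay at their defaults. Confirm before relying
    // on them.

    /// <summary>Response envelope of the token renewal endpoint.</summary>
    public class RenewTokenResponse {
        public Guid RequestId { get; set; }
        public string LeaseId { get; set; }
        public bool Renewable { get; set; }
        public long LeaseDuration { get; set; }
        public object Data { get; set; }
        public object WrapInfo { get; set; }
        public List<string> Warnings { get; set; }
        public Auth Auth { get; set; }
    }

    /// <summary>Auth section of a renewal response. ClientToken is a credential; do not log it.</summary>
    public class Auth {
        public string ClientToken { get; set; }
        public string Accessor { get; set; }
        public List<string> Policies { get; set; }
        public List<string> TokenPolicies { get; set; }
        public object Metadata { get; set; }
        public long LeaseDuration { get; set; }
        public bool Renewable { get; set; }
        public string EntityId { get; set; }
        public string TokenType { get; set; }
        public bool Orphan { get; set; }
        public object MfaRequirement { get; set; }
        public long NumUses { get; set; }
    }

    /// <summary>Outer envelope of a KV read response.</summary>
    public class GetSecretResponse<T> {
        public VaultSecret<T> Data { get; set; }
    }

    /// <summary>Secret payload together with its version metadata.</summary>
    public class VaultSecret<T> {
        public T Data { get; set; }
        public VaultSecretMetadata Metadata { get; set; }
    }

    /// <summary>Version metadata attached to a KV secret.</summary>
    public class VaultSecretMetadata {
        public DateTimeOffset CreatedTime { get; set; }
        public object CustomMetadata { get; set; }
        public string DeletionTime { get; set; }
        public bool Destroyed { get; set; }
        public long Version { get; set; }
    }
}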