package com.magamochi.authentication.service;

import com.magamochi.authentication.model.dto.AuthenticationRequestDTO;
import com.magamochi.authentication.model.dto.AuthenticationResponseDTO;
import com.magamochi.authentication.model.dto.RefreshTokenRequestDTO;
import com.magamochi.authentication.security.JwtUtil;
import com.magamochi.user.service.UserService;
import lombok.RequiredArgsConstructor;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Service;

@Service
@RequiredArgsConstructor
public class AuthenticationService {
  private final AuthenticationManager authenticationManager;

  private final UserDetailsService userDetailsService;
  private final UserService userService;

  private final JwtUtil jwtUtil;

  public AuthenticationResponseDTO authenticate(AuthenticationRequestDTO request) {
    authenticationManager.authenticate(
        new UsernamePasswordAuthenticationToken(request.email(), request.password()));

    var userDetails = userDetailsService.loadUserByUsername(request.email());

    var accessToken = jwtUtil.generateAccessToken(userDetails);
    var refreshToken = jwtUtil.generateRefreshToken(userDetails);

    var user = userService.find(userDetails.getUsername());

    return new AuthenticationResponseDTO(
        user.getId(),
        accessToken,
        refreshToken,
        userDetails.getUsername(),
        user.getName(),
        user.getRole());
  }

  public AuthenticationResponseDTO refreshAuthToken(
      RefreshTokenRequestDTO authenticationRequestDTO) {
    var username = jwtUtil.extractUsernameFromRefreshToken(authenticationRequestDTO.refreshToken());

    var userDetails = userDetailsService.loadUserByUsername(username);

    if (!jwtUtil.validateRefreshToken(authenticationRequestDTO.refreshToken(), userDetails)) {
      throw new BadCredentialsException("Invalid refresh token");
    }

    var newAccessToken = jwtUtil.generateAccessToken(userDetails);
    var newRefreshToken = jwtUtil.generateRefreshToken(userDetails);

    var user = userService.find(userDetails.getUsername());

    return new AuthenticationResponseDTO(
        user.getId(),
        newAccessToken,
        newRefreshToken,
        userDetails.getUsername(),
        user.getName(),
        user.getRole());
  }
}