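using Google.Apis.Auth;
using Google.Apis.Http;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Identity.Client.Platforms.Features.DesktopOs.Kerberos;
using Microsoft.IdentityModel.Tokens;
using System.Configuration;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using WebAPI.Models;

namespace WebAPI.Controllers
{
    /// <summary>
    /// Exchanges a Google ID token for a short-lived API JWT signed with the
    /// application's own symmetric secret.
    /// </summary>
    [ApiController]
    [Route("api/[controller]")]
    // [Authorize] is intentionally not applied: apiToken is the endpoint that
    // issues the credential, so it has to be callable without one.
    public class AuthController : Controller
    {
        private readonly AppDbContext db;
        private readonly IConfiguration configuration;

        public AuthController(AppDbContext _db, IConfiguration _configuration)
        {
            db = _db;
            configuration = _configuration;
        }

        /// <summary>
        /// Validates a Google ID token and, when its e-mail address belongs to a
        /// known user, returns an API token for that user.
        /// </summary>
        /// <param name="credential">The Google-issued ID token (JWT) posted as the request body.</param>
        /// <returns>
        /// 200 with <c>{ token, id, expirationTime }</c> on success; 401 when the
        /// credential is missing or invalid, the e-mail is unverified, or no
        /// matching user exists.
        /// </returns>
        [HttpPost]
        [Route("apiToken")]
        public async Task<IActionResult> apiToken([FromBody] string credential)
        {
            if (string.IsNullOrWhiteSpace(credential))
            {
                return Unauthorized();
            }

            // Fail closed on a missing client id: without an audience restriction
            // a token minted for any other Google client could be replayed here.
            var googleClientId = configuration.GetValue<string>("GoogleClientId");
            if (string.IsNullOrWhiteSpace(googleClientId))
            {
                throw new InvalidOperationException("Configuration value 'GoogleClientId' is missing.");
            }

            var settings = new GoogleJsonWebSignature.ValidationSettings()
            {
                Audience = new List<string> { googleClientId }
            };

            GoogleJsonWebSignature.Payload payload;
            try
            {
                payload = await GoogleJsonWebSignature.ValidateAsync(credential, settings);
            }
            catch (InvalidJwtException)
            {
                // A forged, expired or wrong-audience token is an authentication
                // failure, not a server error; do not echo validation details.
                return Unauthorized();
            }

            // The account is resolved by e-mail, so only accept an address that
            // Google reports as verified.
            // NOTE(review): matching on the token's stable subject identifier
            // instead of e-mail would be more robust, but needs a stored Google
            // subject on User, which is not visible from here.
            if (!payload.EmailVerified || string.IsNullOrEmpty(payload.Email))
            {
                return Unauthorized();
            }

            var user = db.Users.FirstOrDefault(x => x.Email == payload.Email);
            if (user == null)
            {
                return Unauthorized();
            }

            return Ok(JWTGenerator(user));
        }

        /// <summary>
        /// Builds an HMAC-SHA512 signed JWT for <paramref name="user"/> that
        /// expires five minutes after issuance.
        /// </summary>
        /// <param name="user">The authenticated user the token is issued to.</param>
        /// <returns>An anonymous object with <c>token</c>, <c>id</c> and <c>expirationTime</c>.</returns>
        private dynamic JWTGenerator(User user)
        {
            var secret = configuration.GetValue<string>("Secret");
            if (string.IsNullOrEmpty(secret))
            {
                throw new InvalidOperationException("Configuration value 'Secret' is missing.");
            }

            // ASCII is kept so the key bytes stay identical to whatever the token
            // validation side derives; non-ASCII characters collapse to '?', so
            // the secret should be a long, random, ASCII-only value.
            // NOTE(review): for HMAC-SHA512 the key should be at least 64 bytes;
            // confirm the deployed secret's length.
            var key = Encoding.ASCII.GetBytes(secret);
            var expirationTime = DateTime.UtcNow.AddMinutes(5);

            var tokenDescriptor = new SecurityTokenDescriptor
            {
                Subject = new ClaimsIdentity(new[]
                {
                    new Claim("Id", Guid.NewGuid().ToString()),
                    new Claim(JwtRegisteredClaimNames.Sub, user.Id.ToString()),
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString())
                }),
                Expires = expirationTime,
                SigningCredentials = new SigningCredentials(
                    new SymmetricSecurityKey(key),
                    SecurityAlgorithms.HmacSha512Signature)
            };

            var tokenHandler = new JwtSecurityTokenHandler();
            var token = tokenHandler.CreateToken(tokenDescriptor);
            var stringToken = tokenHandler.WriteToken(token);

            return new
            {
                token = stringToken,
                id = user.Id,
                expirationTime
            };
        }
    }
}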