package models

import (
	"crypto/sha256"
	"encoding/base64"

	"go.infratographer.com/x/gidx"
)

const (
	// MetalUserIssuer is the issuer that is used for metal api token users.
	MetalUserIssuer = "https://auth.equinix.com/"

	// MetalUserIssuerIDPrefix is the issuer id prefix added by the issuer.
	MetalUserIssuerIDPrefix = "auth|"
)

// UserDetails contains the user information.
type UserDetails struct {
	id            *gidx.PrefixedID
	ID            string                 `json:"id"`
	FullName      string                 `json:"full_name"`
	Organizations []*OrganizationDetails `json:"organizations"`
	Projects      []*ProjectDetails      `json:"projects"`
	Roles         []string               `json:"roles"`
}

// PrefixedID returns the identity prefixed id for the user.
func (d *UserDetails) PrefixedID() gidx.PrefixedID {
	if d.id != nil {
		return *d.id
	}

	nullID := gidx.NullPrefixedID

	d.id = &nullID

	if d.ID == "" {
		return nullID
	}

	id, err := GenerateSubjectID(IdentityPrefixUser, MetalUserIssuer, MetalUserIssuerIDPrefix+d.ID)
	if err != nil {
		return nullID
	}

	d.id = &id

	return *d.id
}

// GenerateSubjectID builds a identity prefixed id with the provided prefix for the issuer and subject.
func GenerateSubjectID(prefix, iss, sub string) (gidx.PrefixedID, error) {
	// Concatenate the iss and sub values, then hash them
	issSub := iss + sub
	issSubHash := sha256.Sum256([]byte(issSub))

	digest := base64.RawURLEncoding.EncodeToString(issSubHash[:])

	// Concatenate the prefix with the digest
	out := prefix + "-" + digest

	return gidx.Parse(out)
}