// Package auth declares, in this file, the storage contracts (repository
// interfaces) and parameter structs for users, devices, auth sessions and
// installation bootstrap.
//
// No implementation is visible in this file. Remarks marked NOTE(review) are
// expectations to confirm against the concrete store, not guarantees made by
// these declarations. User, Device and AuthSession are declared elsewhere.
package auth

import (
	"context"
	"encoding/json"
	"time"
)

// UserRepository is the persistence contract for user records.
//
// NOTE(review): the signatures do not say whether a missing user is reported
// as a nil pointer or as an error; callers should handle both until the
// implementation is confirmed.
type UserRepository interface {
	// List returns users. The signature has no filter or paging parameter.
	List(ctx context.Context) ([]User, error)

	// GetByEmail looks a user up by email address.
	// NOTE(review): any normalization of email (case, whitespace) is not
	// visible here. It should match what Create stores, otherwise lookups and
	// uniqueness checks can disagree.
	GetByEmail(ctx context.Context, email string) (*User, error)

	// GetByID looks a user up by its identifier.
	GetByID(ctx context.Context, userID string) (*User, error)

	// Create stores user and returns the resulting record.
	Create(ctx context.Context, user User) (*User, error)
}

// DeviceRepository is the persistence contract for per-user devices.
type DeviceRepository interface {
	// Upsert creates or updates a device from params.
	Upsert(ctx context.Context, params UpsertDeviceParams) (*Device, error)

	// GetByIDForUser looks a device up by user ID and device ID together.
	// NOTE(review): presumably implementations must filter on both values so
	// that a device ID owned by a different user is never returned; confirm.
	GetByIDForUser(ctx context.Context, userID, deviceID string) (*Device, error)

	// ListTrustedByUser returns devices for userID. By its name only trusted
	// devices are included; what makes a device trusted is decided elsewhere.
	ListTrustedByUser(ctx context.Context, userID string) ([]Device, error)

	// Revoke revokes the device identified in params.
	Revoke(ctx context.Context, params RevokeDeviceParams) error
}

// AuthSessionRepository is the persistence contract for auth sessions and
// their refresh-token state.
type AuthSessionRepository interface {
	// Create stores a new session.
	Create(ctx context.Context, session AuthSession) error

	// GetByID looks a session up by session ID only. The signature carries no
	// user ID, so any ownership check is left to the caller.
	GetByID(ctx context.Context, authSessionID string) (*AuthSession, error)

	// GetByIDForUpdate looks a session up by ID with the intent to modify it.
	// NOTE(review): the name suggests a locking read meant to run inside
	// Transactor.WithinTransaction, so that concurrent refresh-token rotations
	// of one session are serialized; confirm against the implementation.
	GetByIDForUpdate(ctx context.Context, authSessionID string) (*AuthSession, error)

	// Rotate replaces the session's refresh-token hash, expiry and timestamps
	// with the values in params.
	Rotate(ctx context.Context, params RotateAuthSessionParams) error

	// Touch records seenAt for the session.
	Touch(ctx context.Context, authSessionID string, seenAt time.Time) error

	// Revoke revokes the session identified in params.
	Revoke(ctx context.Context, params RevokeAuthSessionParams) error

	// RevokeByDevice revokes sessions selected by userID and deviceID,
	// recording reason and revokedAt.
	// NOTE(review): presumably this covers every session of that device, so
	// that revoking a device also ends its sessions; confirm.
	RevokeByDevice(ctx context.Context, userID, deviceID, reason string, revokedAt time.Time) error
}

// InstallationRepository is the persistence contract for installation
// authority state and the owner bootstrap.
type InstallationRepository interface {
	// GetStatus returns the current installation authority state.
	GetStatus(ctx context.Context) (*InstallationAuthorityState, error)

	// BootstrapOwner creates the owner account described by params and
	// returns it.
	// NOTE(review): presumably this must succeed at most once per
	// installation, with the "already bootstrapped" check and the write done
	// atomically; confirm in the implementation.
	BootstrapOwner(ctx context.Context, params BootstrapOwnerParams) (*User, error)
}

// Store groups the repositories behind a single handle.
type Store interface {
	Users() UserRepository
	Devices() DeviceRepository
	AuthSessions() AuthSessionRepository
	Installation() InstallationRepository
}

// Transactor runs a callback against a Store inside a transaction.
type Transactor interface {
	// WithinTransaction calls fn with a Store.
	// NOTE(review): presumably the Store passed to fn is bound to the
	// transaction, which commits when fn returns nil and rolls back otherwise.
	// Repositories obtained outside fn would then not take part; confirm.
	WithinTransaction(ctx context.Context, fn func(store Store) error) error
}

// UpsertDeviceParams is the input to DeviceRepository.Upsert.
type UpsertDeviceParams struct {
	UserID      string
	Fingerprint string
	Label       string

	// TrustRequested reads as a request made for the device, not a grant.
	// NOTE(review): where the decision to actually trust it is taken is not
	// visible in this file.
	TrustRequested bool

	SeenAt time.Time
}

// RotateAuthSessionParams is the input to AuthSessionRepository.Rotate.
type RotateAuthSessionParams struct {
	AuthSessionID string

	// RefreshTokenHash is, by its name, a hash of the new refresh token.
	// NOTE(review): callers are expected to hash before calling so that the
	// raw token never reaches storage; the algorithm is not visible here.
	RefreshTokenHash string

	RefreshExpiresAt time.Time
	LastSeenAt       time.Time
	LastRotatedAt    time.Time
}

// RevokeAuthSessionParams is the input to AuthSessionRepository.Revoke. It
// carries UserID alongside AuthSessionID.
// NOTE(review): presumably the revoke is scoped to sessions owned by UserID;
// confirm.
type RevokeAuthSessionParams struct {
	AuthSessionID string
	UserID        string
	Reason        string
	RevokedAt     time.Time
}

// RevokeDeviceParams is the input to DeviceRepository.Revoke.
type RevokeDeviceParams struct {
	UserID    string
	DeviceID  string
	Reason    string
	RevokedAt time.Time
}

// InstallationAuthorityState is the result of InstallationRepository.GetStatus.
type InstallationAuthorityState struct {
	Bootstrapped   bool
	AuthorityState string
	InstallID      string

	// ProductRootFingerprint is spelled ProductRootKeyFingerprint in
	// BootstrapOwnerParams.
	// NOTE(review): presumably both name the same value; confirm.
	ProductRootFingerprint string

	BootstrappedOwnerEmail string

	// BootstrappedAt is a pointer and can therefore be nil.
	// NOTE(review): presumably nil until the installation is bootstrapped.
	BootstrappedAt *time.Time
}

// BootstrapOwnerParams is the input to InstallationRepository.BootstrapOwner.
type BootstrapOwnerParams struct {
	Email string

	// PasswordHash is, by its name, an already hashed password.
	// NOTE(review): the hashing scheme is chosen by the caller and is not
	// visible in this file.
	PasswordHash string

	Role                      string
	InstallID                 string
	ProductRootKeyFingerprint string

	// ActivationPayload is kept as raw JSON bytes and ActivationSignature as
	// a string.
	// NOTE(review): where the signature is verified is not visible here. If
	// it covers the payload, it should be checked over these exact bytes
	// before they are persisted, because re-encoding JSON can change them.
	ActivationPayload   json.RawMessage
	ActivationSignature string

	GrantSource string

	// ExpiresAt is a pointer and can therefore be nil.
	// NOTE(review): presumably nil means no expiry; confirm.
	ExpiresAt *time.Time

	// Now is the caller-supplied timestamp for the bootstrap.
	Now time.Time
}