using System.Security.Claims;
using Socialize.Infrastructure.Security;
using Socialize.Modules.Identity.Configuration;
using Socialize.Modules.Identity.Contracts;
using Socialize.Modules.Identity.Data;
using Microsoft.Extensions.Options;

namespace Socialize.Modules.Identity.Services;

public sealed class AccessTokenFactory(
    UserManager userManager,
    IOptionsSnapshot<JwtOptions> jwtOptions)
{
    public async Task<string> CreateAsync(User user)
    {
        IList<string> roles = await userManager.GetRolesAsync(user);
        IList<Claim> claims = await userManager.GetClaimsAsync(user);

        string persona = roles.Contains(KnownRoles.Manager, StringComparer.Ordinal)
            ? KnownRoles.Manager
            : roles.Contains(KnownRoles.Client, StringComparer.Ordinal)
                ? KnownRoles.Client
                : roles.Contains(KnownRoles.Provider, StringComparer.Ordinal)
                    ? KnownRoles.Provider
                    : KnownRoles.WorkspaceMember;

        List<Claim> tokenClaims = [.. claims, new Claim(KnownClaims.Persona, persona)];

        return JwtTokenHelper.GenerateJwtToken(
            jwtOptions.Value.Lifetime,
            jwtOptions.Value.Issuer,
            jwtOptions.Value.Audience,
            jwtOptions.Value.Key,
            user.Id.ToString(),
            user.Email ?? string.Empty,
            user.Alias,
            user.Firstname ?? string.Empty,
            user.Lastname ?? string.Empty,
            user.PortraitUrl,
            roles,
            tokenClaims);
    }
}