use tonic::{Request, Response, Status};

use crate::pb::im::internal_auth_service_server::InternalAuthService as InternalAuthServiceTrait;
use crate::pb::im::{AuthenticateRequest, AuthenticateResponse};
use crate::service::internal_auth::InternalAuthService;

pub struct InternalAuthGrpcService {
    service: InternalAuthService,
}

impl InternalAuthGrpcService {
    pub fn new(service: InternalAuthService) -> Self {
        Self { service }
    }
}

#[tonic::async_trait]
impl InternalAuthServiceTrait for InternalAuthGrpcService {
    async fn authenticate(
        &self,
        request: Request<AuthenticateRequest>,
    ) -> Result<Response<AuthenticateResponse>, Status> {
        let req = request.into_inner();

        if req.api_key.is_empty() {
            return Ok(Response::new(AuthenticateResponse {
                authenticated: false,
                service_name: String::new(),
                service_id: String::new(),
                scopes: vec![],
                expires_at: 0,
            }));
        }

        match self.service.verify_api_key(&req.api_key).await {
            Ok(Some(identity)) => Ok(Response::new(AuthenticateResponse {
                authenticated: true,
                service_name: identity.service_name,
                service_id: identity.service_id,
                scopes: identity.scopes,
                expires_at: identity.expires_at,
            })),
            Ok(None) => Ok(Response::new(AuthenticateResponse {
                authenticated: false,
                service_name: String::new(),
                service_id: String::new(),
                scopes: vec![],
                expires_at: 0,
            })),
            Err(e) => Err(Status::internal(format!("auth verification failed: {e}"))),
        }
    }
}