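import {
  getServiceAccountToken,
  synchronizePermissions as synchronizePermissionsBe,
} from '@axinom/mosaic-id-link-be';
import { PermissionDefinition } from '@axinom/mosaic-id-utils';
import { ensureError, isNullOrWhitespace } from '@axinom/mosaic-service-common';
import { green, red, yellow } from 'chalk';
import * as fs from 'fs';
import { exitCode } from '../../../common';
import { GetSyncPermissionsOptions } from './sync-permissions-options';

/**
 * Resolves the permission-sync options and checks that the required ones are present.
 *
 * Each value is taken from `args` first, then from its environment variable
 * (SERVICE_ID, ID_SERVICE_AUTH_BASE_URL, SERVICE_ACCOUNT_CLIENT_ID,
 * SERVICE_ACCOUNT_CLIENT_SECRET), and finally falls back to an empty string.
 * `permissionDefinitionJsonPath` has no environment fallback; it defaults to the
 * generated file under `./src/generated/security/`.
 *
 * Only presence is checked here: the base URL is not parsed and the JSON path is
 * not tested for existence.
 *
 * @param args - Options as supplied by the caller; any of them may be missing.
 * @returns A tuple of the fully resolved options and the list of validation
 *   error messages (empty when everything required is present).
 */
export const validateArgs = (
  args: GetSyncPermissionsOptions,
): [Required<GetSyncPermissionsOptions>, string[]] => {
  const errorMessages: string[] = [];

  const serviceId = args.serviceId ?? process.env.SERVICE_ID ?? '';
  // NOTE(review): the client secret is later sent to this base URL and no scheme
  // check is done here; consider requiring https outside local development.
  const idServiceAuthBaseURL =
    args.idServiceAuthBaseURL ?? process.env.ID_SERVICE_AUTH_BASE_URL ?? '';
  const permissionDefinitionJsonPath =
    args.permissionDefinitionJsonPath ??
    `./src/generated/security/permission-definition.json`;
  const clientId =
    args.clientId ?? process.env.SERVICE_ACCOUNT_CLIENT_ID ?? '';
  // NOTE(review): if args.clientSecret originates from a command-line flag, the
  // secret can end up in shell history and process listings; supplying it through
  // SERVICE_ACCOUNT_CLIENT_SECRET avoids that.
  const clientSecret =
    args.clientSecret ?? process.env.SERVICE_ACCOUNT_CLIENT_SECRET ?? '';

  if (isNullOrWhitespace(serviceId)) {
    errorMessages.push('[serviceId] is required.');
  } else if (serviceId.startsWith('ax-')) {
    // Presumably `ax-` is a reserved service-ID prefix; confirm with the ID service docs.
    errorMessages.push(`[serviceId] cannot start with ax-`);
  }

  if (isNullOrWhitespace(idServiceAuthBaseURL)) {
    // The message names the option as it is actually spelled on the options object.
    errorMessages.push('[idServiceAuthBaseURL] is required.');
  }

  if (isNullOrWhitespace(clientId)) {
    errorMessages.push('[clientId] is required.');
  }

  if (isNullOrWhitespace(clientSecret)) {
    errorMessages.push('[clientSecret] is required.');
  }

  return [
    {
      serviceId,
      idServiceAuthBaseURL,
      permissionDefinitionJsonPath,
      clientId,
      clientSecret,
    },
    errorMessages,
  ];
};

/**
 * Pushes the service's permission definition file to the ID service.
 *
 * Steps: obtain a service account token with the client credentials, read and
 * parse the permission definition JSON, then call the backend synchronization
 * with the access token. The synchronization result is printed in full.
 *
 * Any failure (token request, file read, JSON parse, malformed definition,
 * synchronization call) is reported on the console and terminates the process
 * with `exitCode`. An empty permission list is not treated as a failure: a
 * notice is printed and the function returns without synchronizing.
 *
 * @param args - Fully resolved options, normally the first element returned by
 *   `validateArgs`.
 */
export const synchronizePermissions = async (
  args: Required<GetSyncPermissionsOptions>,
): Promise<void> => {
  try {
    const serviceAccountToken = await getServiceAccountToken(
      args.idServiceAuthBaseURL,
      args.clientId,
      args.clientSecret,
    );

    console.log(
      yellow(`Reading permissions from ${args.permissionDefinitionJsonPath}`),
    );

    // JSON.parse returns unchecked data; confirm the expected shape before the
    // content is sent to the ID service as a permission definition.
    const parsed: unknown = JSON.parse(
      fs.readFileSync(args.permissionDefinitionJsonPath, 'utf-8'),
    );
    if (
      typeof parsed !== 'object' ||
      parsed === null ||
      !Array.isArray((parsed as { permissions?: unknown }).permissions)
    ) {
      // Handled by the catch below, so a malformed file still ends the process
      // with `exitCode`, but with a message that names the actual problem.
      throw new Error(
        `Invalid Permission Definition in ${args.permissionDefinitionJsonPath}: expected an object with a [permissions] array.`,
      );
    }
    const permissionDefinition = parsed as PermissionDefinition;

    if (permissionDefinition.permissions.length === 0) {
      console.log(
        yellow(
          `No Permission Definition found in ${args.permissionDefinitionJsonPath}. Cannot proceed with permission synchronization.`,
        ),
      );
      return;
    }

    const permissionSyncResults = await synchronizePermissionsBe(
      args.idServiceAuthBaseURL,
      serviceAccountToken.accessToken,
      args.serviceId,
      permissionDefinition,
    );

    console.log(
      green(
        `Permissions synchronized successfully for Service [${args.serviceId}].`,
      ),
    );
    console.log(green(JSON.stringify(permissionSyncResults, null, 2)));
  } catch (e) {
    const error = ensureError(e);
    console.log(
      red(
        `Error while performing permission synchronization for Service ID [${args.serviceId}].`,
      ),
    );
    // Only the error message is printed, never the credentials or the token.
    // NOTE(review): confirm that errors raised by getServiceAccountToken do not
    // embed the client secret in their message.
    console.log(red(JSON.stringify(error.message)));
    process.exit(exitCode);
  }
};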