package validatetoken

import (
	"encoding/json"
	"github.com/cristalhq/jwt"
	"standard/token/avata/model"
	"time"
)

//
func ValidateToken(tokenType model.TokenType, tokenInfo *model.OauthToken) bool {
	if tokenInfo.RTokenExpiredAt.Before(time.Now()) {
		return false
	}
	if tokenType == model.TokenTypeAccess && tokenInfo.ExpiredAt.Before(time.Now()) {
		return false
	}
	switch tokenType {
	case model.TokenTypeRefresh:
		if tokenInfo.RefreshToken != tokenInfo.Token {
			return false
		}
	default:
		if tokenInfo.Token != tokenInfo.Token {
			return false
		}
	}
	return true
}

//根据token获取id
func ParseIdFromToken(tokenType model.TokenType, token string) (string, error) {
	var claim model.TokenClaim
	var key string
	switch tokenType {
	case model.TokenTypeRefresh:
		key = "REFRESH_TOKEN_KEY"
	default:
		key = "ACCESS_TOKEN_KEY"
	}
	err := verifyToken(key, token, &claim)
	if err != nil {
		return "", err
	}
	return claim.Id, nil
}

//验证token
func verifyToken(key, token string, claim interface{}) error {
	verifier, err := jwt.NewVerifierHS(jwt.HS256, []byte(key))
	if err != nil {
		return err
	}

	// parse and verify a token
	newToken, err := jwt.Parse([]byte(token), verifier)
	if err != nil {
		return err
	}
	if err = json.Unmarshal(newToken.Claims(), claim); err != nil {
		return err
	}
	return nil
}