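package com.sigem.gis.security;

import io.jsonwebtoken.Claims;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.security.Keys;
import org.springframework.stereotype.Component;

import javax.crypto.SecretKey;
import java.nio.charset.StandardCharsets;
import java.util.Date;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;

/**
 * Issues and verifies the HS256-signed JWTs used for session handling.
 *
 * <p>Each token carries the username as its subject and the selected entity
 * (tenant) id in the {@code "entidad"} claim.
 */
@Component
public class JwtUtil {

    /** Session lifetime: 12 hours, held as a {@code long} so the arithmetic cannot overflow. */
    private static final long SESSION_TTL_MILLIS = 12L * 60 * 60 * 1000;

    // JWT master key - managed for the multitenant environment (SIGEMWEB).
    // NOTE(security): the HMAC signing key is hard-coded in source. Anyone who can read
    // the repository or a built artifact holds the same key this class uses to sign and
    // verify tokens, including the "entidad" claim. It should be supplied from external
    // configuration or a secret store and rotated; the literal is left unchanged here so
    // tokens that are already issued keep verifying.
    private final String secret = "yvaga_sigemweb_super_secret_key_needs_to_be_at_least_32_bytes_long_2026!";

    // An explicit charset keeps the derived key identical on every platform; the bare
    // getBytes() used before depended on the JVM default charset.
    private final SecretKey key = Keys.hmacShaKeyFor(secret.getBytes(StandardCharsets.UTF_8));

    /**
     * Generates a token that embeds the selected entity, used later for multitenant routing.
     *
     * @param username  value stored as the token subject
     * @param entidadId entity (tenant) id stored in the {@code "entidad"} claim
     * @return the compact serialized JWT
     */
    public String generateToken(String username, String entidadId) {
        Map<String, Object> claims = new HashMap<>();
        claims.put("entidad", entidadId);
        return createToken(claims, username);
    }

    /**
     * Builds and signs a token with the given claims and subject.
     *
     * @param claims  custom claims to include in the payload
     * @param subject token subject
     * @return the compact serialized JWT, signed with HS256
     */
    private String createToken(Map<String, Object> claims, String subject) {
        // Read the clock once so issuedAt and expiration are exactly the TTL apart.
        final long now = System.currentTimeMillis();
        return Jwts.builder()
                .claims(claims)
                .subject(subject)
                .issuedAt(new Date(now))
                // Expiration: 12 hours of active session
                .expiration(new Date(now + SESSION_TTL_MILLIS))
                .signWith(key, Jwts.SIG.HS256)
                .compact();
    }

    /**
     * Checks that the token's subject matches the expected username and that it has not expired.
     *
     * <p>NOTE(review): the token is parsed with signature verification first, so a malformed
     * or badly signed token raises the parser's exception instead of returning {@code false}.
     * jjwt's parser is also expected to reject expired tokens by throwing - confirm that
     * callers handle these exceptions.
     *
     * @param token             compact serialized JWT
     * @param extractedUsername username the token is expected to belong to
     * @return {@code true} when the subject matches and the token is not expired
     */
    public Boolean validateToken(String token, String extractedUsername) {
        final String username = extractUsername(token);
        // A token without a subject is invalid rather than a NullPointerException.
        return username != null
                && username.equals(extractedUsername)
                && !isTokenExpired(token);
    }

    /**
     * Returns the subject (username) of a verified token.
     *
     * @param token compact serialized JWT
     * @return the subject claim, or {@code null} if the token has none
     */
    public String extractUsername(String token) {
        return extractClaim(token, Claims::getSubject);
    }

    /**
     * Returns the entity (tenant) id stored in the {@code "entidad"} claim of a verified token.
     *
     * @param token compact serialized JWT
     * @return the {@code "entidad"} claim as a string
     */
    public String extractEntidad(String token) {
        return extractAllClaims(token).get("entidad", String.class);
    }

    /**
     * Returns the expiration instant of a verified token.
     *
     * @param token compact serialized JWT
     * @return the expiration claim
     */
    public Date extractExpiration(String token) {
        return extractClaim(token, Claims::getExpiration);
    }

    /**
     * Parses the token and applies {@code claimsResolver} to its payload.
     *
     * @param token          compact serialized JWT
     * @param claimsResolver function selecting a value from the claims
     * @param <T>            type of the selected value
     * @return the value chosen by {@code claimsResolver}
     */
    private <T> T extractClaim(String token, Function<Claims, T> claimsResolver) {
        final Claims claims = extractAllClaims(token);
        return claimsResolver.apply(claims);
    }

    /**
     * Parses the token, verifying its signature against {@link #key}, and returns the payload.
     *
     * @param token compact serialized JWT
     * @return the claims of the signed token
     */
    private Claims extractAllClaims(String token) {
        return Jwts.parser()
                .verifyWith(key)
                .build()
                .parseSignedClaims(token)
                .getPayload();
    }

    /**
     * Reports whether the token's expiration instant lies before the current time.
     *
     * @param token compact serialized JWT
     * @return {@code true} if the expiration is in the past
     */
    private Boolean isTokenExpired(String token) {
        return extractExpiration(token).before(new Date());
    }
}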