<?php

namespace bff\auth;

use Request;
use Response;
use Illuminate\Support\Str;
use Illuminate\Contracts\Session\Session;
use Illuminate\Contracts\Auth\UserProvider;
use Illuminate\Contracts\Auth\StatefulGuard;
use Illuminate\Contracts\Auth\Authenticatable;
use modules\users\events\Login as LoginEvent;
use modules\users\events\Logout as LogoutEvent;
use modules\users\events\Authenticated as AuthenticatedEvent;

/**
 * Session guard
 * Adapted from \Illuminate\Auth\SessionGuard
 * @see https://github.com/illuminate/auth/blob/8.x/LICENSE.md
 */
class SessionGuard implements StatefulGuard
{
    /**
     * The name of the Guard. Typically "session".
     * Corresponds to guard name in authentication configuration.
     * @var string
     */
    protected $name;

    /**
     * The currently authenticated user.
     * @var User
     */
    protected $user;

    /**
     * The user provider implementation.
     * @var \Illuminate\Contracts\Auth\UserProvider
     */
    protected $provider;

    /**
     * @var Session
     */
    protected $session;

    /**
     * The user we last attempted to retrieve.
     * @var Authenticatable
     */
    protected $lastAttempted;

    /**
     * Indicates if the user was authenticated via a remember cookie.
     * @var bool
     */
    protected $viaRemember = false;

    /**
     * Remember cookie name.
     * @var string
     */
    protected $rememberCookieName;

    /**
     * Indicates if the user was logged out.
     * @var bool
     */
    protected $loggedOut = false;

    /**
     * Create a new authentication manager.
     * @param string $name
     * @param \Illuminate\Contracts\Auth\UserProvider $provider
     * @param \Illuminate\Contracts\Session\Session $session
     * @param string $rememberCookieName
     */
    public function __construct($name, UserProvider $provider, Session $session, $rememberCookieName = 'remember')
    {
        $this->name = $name;
        $this->provider = $provider;
        $this->session = $session;
        $this->rememberCookieName = $rememberCookieName;
    }

    /**
     * Get the ID for the currently authenticated user.
     * @return int|string|null
     */
    public function id()
    {
        if ($this->loggedOut || $this->guest()) {
            return null;
        }

        return $this->user()->getAuthIdentifier();
    }

    /**
     * Log a user into the application without sessions or cookies.
     * @param array $credentials
     * @return bool
     */
    public function once(array $credentials = [])
    {
        if ($this->validate($credentials)) {
            $this->setUser($this->getLastAttempted());
            return true;
        }
        return false;
    }

    /**
     * Log the given user ID into the application without sessions or cookies.
     * @param mixed $id
     * @return Authenticatable|false
     */
    public function onceUsingId($id)
    {
        if (! is_null($user = $this->provider->retrieveById($id))) {
            $this->setUser($user);
            return $user;
        }
        return false;
    }

    /**
     * Validate a user's credentials.
     * @param array $credentials
     * @return bool
     */
    public function validate(array $credentials = [])
    {
        $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);

        return $this->hasValidCredentials($user, $credentials);
    }

    /**
     * Attempt to authenticate a user using the given credentials.
     * @param array $credentials
     * @param bool $remember
     * @return bool
     */
    public function attempt(array $credentials = [], $remember = false)
    {
        $this->lastAttempted = $user = $this->provider->retrieveByCredentials($credentials);

        if ($this->hasValidCredentials($user, $credentials)) {
            $this->login($user, $remember);
            return true;
        }
        return false;
    }

    /**
     * Determine if the current user is authenticated.
     * @return bool
     */
    public function check()
    {
        return ! is_null($this->user());
    }

    /**
     * Determine if the current user is a guest.
     * @return bool
     */
    public function guest()
    {
        return ! $this->check();
    }

    /**
     * Get the currently authenticated user.
     * @return mixed
     */
    public function user()
    {
        if ($this->loggedOut) {
            return null;
        }

        if (! is_null($this->user)) {
            return $this->user;
        }

        // Try to load the user using the identifier in the session
        $id = $this->getSessionUserId();
        if (! is_null($id)) {
            $this->user = $this->provider->retrieveById($id);
            if ($this->user) {
                AuthenticatedEvent::dispatch($this->name, $this->user->getAuthIdentifier());
            }
        }

        // Try to load the user using the remember cookie
        if (is_null($this->user) && bff()->frontend() && !is_null($this->user = $this->getRememberedUser())) {
            $this->viaRemember = true;
            $this->updateSession($this->user->getAuthIdentifier());
            LoginEvent::dispatch($this->name, $this->user->getAuthIdentifier(), true);
        }

        return $this->user;
    }

    /**
     * Set the current user.
     * @param Authenticatable $user
     * @return void
     */
    public function setUser(Authenticatable $user)
    {
        $this->user = $user;
        $this->loggedOut = false;
        AuthenticatedEvent::dispatch($this->name, $user->getAuthIdentifier());
    }

    /**
     * Log a user into the application.
     * @param Authenticatable $user
     * @param bool $remember
     * @return void
     */
    public function login(Authenticatable $user, $remember = false)
    {
        $this->updateSession($user->getAuthIdentifier());

        if ($remember) {
            // Create a new "remember" token for the user if such doesn't already exist.
            if (empty($user->getRememberToken())) {
                $this->refreshRememberToken($user);
            }
            $this->refreshRememberCookie($user);
        }

        LoginEvent::dispatch($this->name, $user->getAuthIdentifier(), $remember);

        $this->setUser($user);
    }

    /**
     * Log the given user ID into the application.
     * @param mixed $id
     * @param bool $remember
     * @return Authenticatable|false
     */
    public function loginUsingId($id, $remember = false)
    {
        if (! is_null($user = $this->provider->retrieveById($id))) {
            $this->login($user, $remember);
            return $user;
        }
        return false;
    }

    /**
     * Log the user out of the application.
     * @return void
     */
    public function logout()
    {
        $user = $this->user();

        $this->clearUserDataFromStorage();

        if (! is_null($user)) {
            $this->refreshRememberCookie($user, true);
            if (! empty($user->getRememberToken())) {
                $this->refreshRememberToken($user);
            }
            LogoutEvent::dispatch($this->name, $user->getAuthIdentifier());
        }

        $this->user = null;
        $this->loggedOut = true;
    }

    /**
     * Remove the user data from the session and cookies.
     * @return void
     */
    protected function clearUserDataFromStorage()
    {
        $this->session->remove($this->getName());
    }

    /**
     * Determine if the user matches the credentials.
     * @param Authenticatable|null $user
     * @param array $credentials
     * @return bool
     */
    protected function hasValidCredentials(?Authenticatable $user, array $credentials)
    {
        return ! is_null($user) && $this->provider->validateCredentials($user, $credentials);
    }

    /**
     * Extract user info by user identifier from "remember me" cookie.
     * @return Authenticatable|null
     */
    protected function getRememberedUser()
    {
        $segments = explode('|', Request::decryptedCookie($this->rememberCookieName, TYPE_STR));
        $id = trim($segments[0] ?? '');
        $token = trim($segments[1] ?? '');
        if ($id !== '' && $token !== '') {
            return $this->provider->retrieveByToken($id, $token);
        }
        return null;
    }

    /**
     * Refresh the "remember me" token for the user.
     * @param Authenticatable $user
     * @return void
     */
    protected function refreshRememberToken(Authenticatable $user)
    {
        $token = Str::random(60);

        $this->provider->updateRememberToken($user, $token);
    }

    /**
     * Refresh the "remember me" cookie for the user.
     * @param Authenticatable $user
     * @param bool $delete
     * @return void
     */
    protected function refreshRememberCookie(Authenticatable $user, $delete = false)
    {
        if ($delete) {
            Response::deleteCookie($this->rememberCookieName);
            return;
        }

        $token = $user->getRememberToken();

        if ($token) {
            Response::setEncryptedCookie(
                $this->rememberCookieName,
                $user->getAuthIdentifier() . '|' . $token
            );
        }
    }

    /**
     * Get user ID from session.
     * @return mixed
     */
    protected function getSessionUserId()
    {
        return $this->session->get(
            $this->getName()
        );
    }

    /**
     * Update the session with the given ID.
     * @param mixed $id
     * @return void
     */
    protected function updateSession($id)
    {
        $this->session->put($this->getName(), $id);
        $this->session->migrate();
    }

    /**
     * Determine if the user was authenticated via "remember me" cookie.
     * @return bool
     */
    public function viaRemember()
    {
        return $this->viaRemember;
    }

    /**
     * Get the last user we attempted to authenticate.
     * @return Authenticatable
     */
    public function getLastAttempted()
    {
        return $this->lastAttempted;
    }

    /**
     * Get a unique identifier for the auth session value.
     * @return string
     */
    public function getName()
    {
        return 'login_' . $this->name . '_id';
    }

    /**
     * Get the user provider used by the guard.
     * @return \Illuminate\Contracts\Auth\UserProvider
     */
    public function getProvider()
    {
        return $this->provider;
    }

    /**
     * Set the user provider used by the guard.
     * @param \Illuminate\Contracts\Auth\UserProvider $provider
     * @return void
     */
    public function setProvider(UserProvider $provider)
    {
        $this->provider = $provider;
    }
}