<?php

namespace App\Module\OAuth\Services;

use App\Module\OAuth\Models\OAuthClient;
use App\Module\OAuth\Models\OAuthAccessToken;
use League\OAuth2\Server\AuthorizationServer;
use League\OAuth2\Server\Grant\AuthCodeGrant;
use League\OAuth2\Server\Grant\RefreshTokenGrant;
use League\OAuth2\Server\Grant\ClientCredentialsGrant;
use League\OAuth2\Server\Grant\PasswordGrant;
use League\OAuth2\Server\CryptKey;
use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\Repositories\UserRepositoryInterface;
use DateInterval;

class OAuthService
{
    protected $server;

    public function __construct(
        ClientRepositoryInterface $clientRepository,
        AccessTokenRepositoryInterface $accessTokenRepository,
        ScopeRepositoryInterface $scopeRepository,
        AuthCodeRepositoryInterface $authCodeRepository,
        RefreshTokenRepositoryInterface $refreshTokenRepository,
        UserRepositoryInterface $userRepository
    ) {
        // 初始化授权服务器
        $this->server = new AuthorizationServer(
            $clientRepository,
            $accessTokenRepository,
            $scopeRepository,
            new CryptKey(storage_path('oauth/private.key')),
            app('encrypter')->getKey()
        );

        // 配置授权类型
        $this->configureGrants(
            $authCodeRepository,
            $refreshTokenRepository,
            $userRepository
        );
    }

    protected function configureGrants(
        $authCodeRepository,
        $refreshTokenRepository,
        $userRepository
    ) {
        // 授权码模式
        $authCodeGrant = new AuthCodeGrant(
            $authCodeRepository,
            $refreshTokenRepository,
            new DateInterval('PT10M') // 授权码10分钟过期
        );
        $authCodeGrant->setRefreshTokenTTL(new DateInterval('P1M')); // 刷新令牌1个月过期
        $this->server->enableGrantType($authCodeGrant);

        // 密码模式
        $passwordGrant = new PasswordGrant($userRepository, $refreshTokenRepository);
        $passwordGrant->setRefreshTokenTTL(new DateInterval('P1M'));
        $this->server->enableGrantType($passwordGrant);

        // 客户端模式
        $clientCredentialsGrant = new ClientCredentialsGrant();
        $this->server->enableGrantType($clientCredentialsGrant);

        // 刷新令牌
        $refreshTokenGrant = new RefreshTokenGrant($refreshTokenRepository);
        $refreshTokenGrant->setRefreshTokenTTL(new DateInterval('P1M'));
        $this->server->enableGrantType($refreshTokenGrant);
    }

    public function getServer()
    {
        return $this->server;
    }

    public function createClient($name, $redirectUri, array $grantTypes = [], array $scopes = [])
    {
        return OAuthClient::create([
            'name' => $name,
            'client_id' => bin2hex(random_bytes(20)),
            'client_secret' => bin2hex(random_bytes(20)),
            'redirect_uri' => $redirectUri,
            'grant_types' => $grantTypes,
            'scope' => $scopes,
        ]);
    }

    public function validateToken($accessToken)
    {
        return OAuthAccessToken::where('access_token', $accessToken)
            ->where('expires_at', '>', now())
            ->first();
    }
}