<?php
namespace Isekai\AIToolbox\Api\AIToolbox;

use ApiBase;
use Config;
use Isekai\AIToolbox\Api\ApiAIToolbox;
use MediaWiki\MediaWikiServices;
use Firebase\JWT\JWT;

class ApiCreateToken extends ApiBase {
    /** @var MediaWikiServices */
    private $services;

    /** @var Config */
    private $config;

    /** @var ApiAIToolbox */
    private $mParent;

    public function __construct(ApiAIToolbox $main, $method) {
        parent::__construct($main->getMain(), $method);

        $this->mParent = $main;
        $this->services = MediaWikiServices::getInstance();
        $this->config = $this->getConfig();
    }

    public function execute() {
        $user = $this->getUser();

        if (!$user->isRegistered()) {
            $this->addError('apierror-isekai-ai-toolbox-nopermission', 'nopermission');
            return false;
        }
        
        $result = $this->getResult();

        $permissionMap = ApiAIToolbox::$permissionMap;

        $permissions = [];
        foreach ($permissionMap as $key => $permissionKey) {
            if ($user->isAllowed($permissionKey)) {
                $permissions[] = $key;
            }
        }
        
        // if (!$user->isAllowedAny(...array_values($permissionMap))) {
        //     $this->addError('apierror-isekai-ai-toolbox-nopermission', 'nopermission');
        //     return false;
        // }
        
        // Create JWT
        $tokenId = $this->config->get('IsekaiAIToolboxTokenId');
        $token = $this->config->get('IsekaiAIToolboxToken');

        $currentTime = time();
        $expireTime = $currentTime + 86400; // 1 day

        $payload = [
            'iss' => 'mw-ai-toolbox',
            'sub' => $user->getId(),
            'userName' => $user->getName(),
            'iat' => $currentTime,
            'exp' => $expireTime,
            'permissions' => $permissions,
        ];

        $jwt = JWT::encode($payload, $token, 'HS256', $tokenId);

        $result->addValue(['aitoolbox', $this->getModuleName()], 'token', $jwt);
        
        return true;
    }

    public function getCacheMode($params) {
		return 'private';
	}

    public function getParent() {
        return $this->mParent;
    }

    public function needsToken() {
        return 'csrf';
    }
}