/*
 * This file is part of a proprietary work.
 *
 * Copyright (c) 2025 Fossorial, Inc.
 * All rights reserved.
 *
 * This file is licensed under the Fossorial Commercial License.
 * You may not use this file except in compliance with the License.
 * Unauthorized use, copying, modification, or distribution is strictly prohibited.
 *
 * This file is not licensed under the AGPLv3.
 */

import {
    encodeHexLowerCase,
} from "@oslojs/encoding";
import { sha256 } from "@oslojs/crypto/sha2";
import { RemoteExitNode, remoteExitNodes, remoteExitNodeSessions, RemoteExitNodeSession } from "@server/db";
import { db } from "@server/db";
import { eq } from "drizzle-orm";

export const EXPIRES = 1000 * 60 * 60 * 24 * 30;

export async function createRemoteExitNodeSession(
    token: string,
    remoteExitNodeId: string,
): Promise<RemoteExitNodeSession> {
    const sessionId = encodeHexLowerCase(
        sha256(new TextEncoder().encode(token)),
    );
    const session: RemoteExitNodeSession = {
        sessionId: sessionId,
        remoteExitNodeId,
        expiresAt: new Date(Date.now() + EXPIRES).getTime(),
    };
    await db.insert(remoteExitNodeSessions).values(session);
    return session;
}

export async function validateRemoteExitNodeSessionToken(
    token: string,
): Promise<SessionValidationResult> {
    const sessionId = encodeHexLowerCase(
        sha256(new TextEncoder().encode(token)),
    );
    const result = await db
        .select({ remoteExitNode: remoteExitNodes, session: remoteExitNodeSessions })
        .from(remoteExitNodeSessions)
        .innerJoin(remoteExitNodes, eq(remoteExitNodeSessions.remoteExitNodeId, remoteExitNodes.remoteExitNodeId))
        .where(eq(remoteExitNodeSessions.sessionId, sessionId));
    if (result.length < 1) {
        return { session: null, remoteExitNode: null };
    }
    const { remoteExitNode, session } = result[0];
    if (Date.now() >= session.expiresAt) {
        await db
            .delete(remoteExitNodeSessions)
            .where(eq(remoteExitNodeSessions.sessionId, session.sessionId));
        return { session: null, remoteExitNode: null };
    }
    if (Date.now() >= session.expiresAt - (EXPIRES / 2)) {
        session.expiresAt = new Date(
            Date.now() + EXPIRES,
        ).getTime();
        await db
            .update(remoteExitNodeSessions)
            .set({
                expiresAt: session.expiresAt,
            })
            .where(eq(remoteExitNodeSessions.sessionId, session.sessionId));
    }
    return { session, remoteExitNode };
}

export async function invalidateRemoteExitNodeSession(sessionId: string): Promise<void> {
    await db.delete(remoteExitNodeSessions).where(eq(remoteExitNodeSessions.sessionId, sessionId));
}

export async function invalidateAllRemoteExitNodeSessions(remoteExitNodeId: string): Promise<void> {
    await db.delete(remoteExitNodeSessions).where(eq(remoteExitNodeSessions.remoteExitNodeId, remoteExitNodeId));
}

export type SessionValidationResult =
    | { session: RemoteExitNodeSession; remoteExitNode: RemoteExitNode }
    | { session: null; remoteExitNode: null };