package lu.foyer
package auth

import java.time.Clock
import java.util.Base64

import zio.*
import zio.json.*

import lu.foyer.auth.JwtScalaTokenService.Claims

case class JwtScalaTokenService() extends JwtTokenService:
  implicit val clock: Clock = Clock.systemUTC

  // Doesn't actually verify, we just pretend for simplicity
  override def verify(token: String): Task[String] =
    token.split('.').drop(1).headOption match
      case Some(base64) =>
        new String(Base64.getDecoder().decode(base64)).fromJson[Claims] match
          case Right(claims) => ZIO.succeed(claims.sub)
          case Left(error)   =>
            ZIO.logWarning(s"Failed to parse JWT claims : $error") *>
              ZIO.fail(new Exception("Invalid token"))
      case None => ZIO.fail(new Exception("Invalid token"))

object JwtScalaTokenService:
  val live = ZLayer.succeed(JwtScalaTokenService())

  final private[auth] case class Claims(sub: String) derives JsonDecoder