using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;

namespace IamService.FunctionalTests;

/// <summary>
/// EN: Test authentication handler that bypasses JWT validation for functional tests.
/// VI: Handler xác thực test để bypass JWT validation cho functional tests.
/// </summary>
public class TestAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
{
    public TestAuthenticationHandler(
        IOptionsMonitor<AuthenticationSchemeOptions> options,
        ILoggerFactory logger,
        UrlEncoder encoder)
        : base(options, logger, encoder)
    {
    }

    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
    {
        // EN: Check if Authorization header exists and starts with Bearer
        // VI: Kiểm tra nếu Authorization header tồn tại và bắt đầu với Bearer
        var authHeader = Request.Headers.Authorization.ToString();
        
        if (string.IsNullOrEmpty(authHeader) || !authHeader.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
        {
            return Task.FromResult(AuthenticateResult.NoResult());
        }

        var token = authHeader["Bearer ".Length..].Trim();
        
        if (string.IsNullOrEmpty(token))
        {
            return Task.FromResult(AuthenticateResult.Fail("No token provided"));
        }

        try
        {
            // EN: Parse the JWT token to extract claims (without signature validation)
            // VI: Parse JWT token để trích xuất claims (không validate signature)
            var handler = new System.IdentityModel.Tokens.Jwt.JwtSecurityTokenHandler();
            
            if (!handler.CanReadToken(token))
            {
                return Task.FromResult(AuthenticateResult.Fail("Invalid token format"));
            }
            
            var jwtToken = handler.ReadJwtToken(token);

            // EN: Create claims identity from token
            // VI: Tạo claims identity từ token
            var claims = jwtToken.Claims.ToList();
            
            // EN: Ensure we have a name identifier claim
            // VI: Đảm bảo có name identifier claim
            var subClaim = claims.FirstOrDefault(c => c.Type == "sub");
            if (subClaim != null && !claims.Any(c => c.Type == ClaimTypes.NameIdentifier))
            {
                claims.Add(new Claim(ClaimTypes.NameIdentifier, subClaim.Value));
            }

            var identity = new ClaimsIdentity(claims, "Test");
            var principal = new ClaimsPrincipal(identity);
            var ticket = new AuthenticationTicket(principal, "Bearer");

            return Task.FromResult(AuthenticateResult.Success(ticket));
        }
        catch (Exception ex)
        {
            return Task.FromResult(AuthenticateResult.Fail($"Token parsing failed: {ex.Message}"));
        }
    }
}