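// Package zllauth1 defines the JWT claim set used by ZLL auth tokens and the
// time and identity checks applied to it.
package zllauth1

import (
	"crypto/subtle"
	"fmt"
	"time"

	// NOTE(review): github.com/dgrijalva/jwt-go is archived upstream; the
	// maintained continuation is github.com/golang-jwt/jwt. Plan a migration
	// so that parser and validation fixes keep arriving.
	"github.com/dgrijalva/jwt-go"
)

// ZLLAuthJwtClaim is the claim set carried in a ZLL auth token. It mirrors the
// registered JWT claims (exp, jti, iat, iss, nbf, sub) and adds a free-form
// "exi" map.
//
// The type has a Valid method so it can be used where jwt-go expects claims.
// Valid checks the time-based claims only. Issuer and subject are NOT checked
// there and no audience claim is modelled, so callers that rely on iss or sub
// must call VerifyIssuer / VerifySubject themselves with req=true.
type ZLLAuthJwtClaim struct {
	// ExpiresAt is the exp claim in Unix seconds; 0 is treated as "absent".
	ExpiresAt int64 `json:"exp,omitempty"`
	// Id is the jti claim. It has no omitempty, so it is always serialized.
	Id string `json:"jti"`
	// IssuedAt is the iat claim in Unix seconds; 0 is treated as "absent".
	IssuedAt int64 `json:"iat,omitempty"`
	// Issuer is the iss claim; "" is treated as "absent".
	Issuer string `json:"iss,omitempty"`
	// NotBefore is the nbf claim in Unix seconds; 0 is treated as "absent".
	NotBefore int64 `json:"nbf,omitempty"`
	// Subject is the sub claim; "" is treated as "absent".
	Subject string `json:"sub,omitempty"`
	// ExtendInfo carries application-defined data. Values decode as
	// interface{} and come straight from the token payload: do not read them
	// before the token's signature has been verified, and type-check every
	// value before acting on it.
	ExtendInfo map[string]interface{} `json:"exi"`
}

// Valid checks the time-based claims against jwt.TimeFunc. All three of exp,
// iat and nbf are required: a token that lacks any of them is rejected.
//
// A missing claim is reported as missing, not as "expired" or "not valid
// yet". For an absent exp the expiry message would otherwise quote the time
// elapsed since the Unix epoch, which is misleading in logs and in incident
// triage.
//
// No clock-skew leeway is applied; issuer and verifier clocks must agree to
// the second.
func (c *ZLLAuthJwtClaim) Valid() error {
	now := jwt.TimeFunc().Unix()

	if !c.VerifyExpiresAt(now, true) {
		if c.ExpiresAt == 0 {
			return fmt.Errorf("token has no expiry (exp) claim")
		}
		delta := time.Unix(now, 0).Sub(time.Unix(c.ExpiresAt, 0))
		return fmt.Errorf("token is expired by %v", delta)
	}

	if !c.VerifyIssuedAt(now, true) {
		if c.IssuedAt == 0 {
			return fmt.Errorf("token has no issued-at (iat) claim")
		}
		return fmt.Errorf("Token used before issued")
	}

	if !c.VerifyNotBefore(now, true) {
		if c.NotBefore == 0 {
			return fmt.Errorf("token has no not-before (nbf) claim")
		}
		return fmt.Errorf("token is not valid yet")
	}

	return nil
}

// VerifyExpiresAt reports whether cmp (Unix seconds) is not after the exp
// claim. If exp is absent (0) the result is !req. The comparison is
// inclusive, so the token is still accepted during the exact second of exp.
func (c *ZLLAuthJwtClaim) VerifyExpiresAt(cmp int64, req bool) bool {
	if c.ExpiresAt == 0 {
		return !req
	}
	return cmp <= c.ExpiresAt
}

// VerifyIssuedAt reports whether cmp (Unix seconds) is at or after the iat
// claim. If iat is absent (0) the result is !req.
func (c *ZLLAuthJwtClaim) VerifyIssuedAt(cmp int64, req bool) bool {
	if c.IssuedAt == 0 {
		return !req
	}
	return cmp >= c.IssuedAt
}

// VerifyIssuer reports whether the iss claim equals cmp. If iss is absent
// ("") the result is !req, so pass req=true whenever the issuer is part of
// the trust decision; with req=false a token without iss is accepted.
func (c *ZLLAuthJwtClaim) VerifyIssuer(cmp string, req bool) bool {
	if c.Issuer == "" {
		return !req
	}
	// ConstantTimeCompare returns 1 only when both slices are equal; it
	// returns 0 immediately when the lengths differ.
	return subtle.ConstantTimeCompare([]byte(c.Issuer), []byte(cmp)) != 0
}

// VerifyNotBefore reports whether cmp (Unix seconds) is at or after the nbf
// claim. If nbf is absent (0) the result is !req.
func (c *ZLLAuthJwtClaim) VerifyNotBefore(cmp int64, req bool) bool {
	if c.NotBefore == 0 {
		return !req
	}
	return cmp >= c.NotBefore
}

// VerifySubject reports whether the sub claim equals cmp. If sub is absent
// ("") the result is !req, so pass req=true whenever the subject is part of
// an authorization decision.
func (c *ZLLAuthJwtClaim) VerifySubject(cmp string, req bool) bool {
	if c.Subject == "" {
		return !req
	}
	// ConstantTimeCompare returns 1 only when both slices are equal; it
	// returns 0 immediately when the lengths differ.
	return subtle.ConstantTimeCompare([]byte(c.Subject), []byte(cmp)) != 0
}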