package replay

import (
	"context"
	"crypto/tls"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"

	"galaxy/gateway/internal/config"

	"github.com/redis/go-redis/v9"
)

// RedisStore implements Store with Redis SETNX reservations over a dedicated
// key namespace.
type RedisStore struct {
	client         *redis.Client
	keyPrefix      string
	reserveTimeout time.Duration
}

// NewRedisStore constructs a Redis-backed replay store that reuses the
// SessionCache Redis deployment settings and applies the replay-specific key
// namespace and timeout controls from replayCfg.
func NewRedisStore(sessionCfg config.SessionCacheRedisConfig, replayCfg config.ReplayRedisConfig) (*RedisStore, error) {
	if strings.TrimSpace(sessionCfg.Addr) == "" {
		return nil, errors.New("new redis replay store: redis addr must not be empty")
	}
	if sessionCfg.DB < 0 {
		return nil, errors.New("new redis replay store: redis db must not be negative")
	}
	if strings.TrimSpace(replayCfg.KeyPrefix) == "" {
		return nil, errors.New("new redis replay store: replay key prefix must not be empty")
	}
	if replayCfg.ReserveTimeout <= 0 {
		return nil, errors.New("new redis replay store: reserve timeout must be positive")
	}

	options := &redis.Options{
		Addr:            sessionCfg.Addr,
		Username:        sessionCfg.Username,
		Password:        sessionCfg.Password,
		DB:              sessionCfg.DB,
		Protocol:        2,
		DisableIdentity: true,
	}
	if sessionCfg.TLSEnabled {
		options.TLSConfig = &tls.Config{MinVersion: tls.VersionTLS12}
	}

	return &RedisStore{
		client:         redis.NewClient(options),
		keyPrefix:      replayCfg.KeyPrefix,
		reserveTimeout: replayCfg.ReserveTimeout,
	}, nil
}

// Close releases the underlying Redis client resources.
func (s *RedisStore) Close() error {
	if s == nil || s.client == nil {
		return nil
	}

	return s.client.Close()
}

// Ping verifies that the configured Redis backend is reachable within the
// replay reserve timeout budget.
func (s *RedisStore) Ping(ctx context.Context) error {
	if s == nil || s.client == nil {
		return errors.New("ping redis replay store: nil store")
	}
	if ctx == nil {
		return errors.New("ping redis replay store: nil context")
	}

	pingCtx, cancel := context.WithTimeout(ctx, s.reserveTimeout)
	defer cancel()

	if err := s.client.Ping(pingCtx).Err(); err != nil {
		return fmt.Errorf("ping redis replay store: %w", err)
	}

	return nil
}

// Reserve records the authenticated deviceSessionID and requestID pair for
// ttl. It rejects duplicates while the reservation remains active.
func (s *RedisStore) Reserve(ctx context.Context, deviceSessionID string, requestID string, ttl time.Duration) error {
	if s == nil || s.client == nil {
		return errors.New("reserve replay request in redis: nil store")
	}
	if ctx == nil {
		return errors.New("reserve replay request in redis: nil context")
	}
	if strings.TrimSpace(deviceSessionID) == "" {
		return errors.New("reserve replay request in redis: empty device session id")
	}
	if strings.TrimSpace(requestID) == "" {
		return errors.New("reserve replay request in redis: empty request id")
	}
	if ttl <= 0 {
		return errors.New("reserve replay request in redis: ttl must be positive")
	}

	reserveCtx, cancel := context.WithTimeout(ctx, s.reserveTimeout)
	defer cancel()

	reserved, err := s.client.SetNX(reserveCtx, s.reservationKey(deviceSessionID, requestID), "1", ttl).Result()
	if err != nil {
		return fmt.Errorf("reserve replay request in redis: %w", err)
	}
	if !reserved {
		return fmt.Errorf("reserve replay request in redis: %w", ErrDuplicate)
	}

	return nil
}

func (s *RedisStore) reservationKey(deviceSessionID string, requestID string) string {
	return s.keyPrefix + encodeKeyComponent(deviceSessionID) + ":" + encodeKeyComponent(requestID)
}

func encodeKeyComponent(value string) string {
	return base64.RawURLEncoding.EncodeToString([]byte(value))
}

var _ Store = (*RedisStore)(nil)