package model

import (
	"time"
)

// OAuthClient is the persisted registration of an OAuth client application.
// It embeds Base, which is declared elsewhere in this package (its fields are
// not visible in this file).
type OAuthClient struct {
	Base
	Name        string `json:"name" gorm:"size:50;not null"`
	Description string `json:"description" gorm:"size:200"`
	ClientID    string `json:"client_id" gorm:"uniqueIndex;size:32;not null"`
	// ClientSecret is excluded from JSON output (json:"-").
	// NOTE(review): this file does not show whether the column holds the raw
	// secret or a digest of it. Storing only a digest and comparing in constant
	// time limits the impact of a database read exposure; confirm against the
	// code that writes and verifies this field.
	ClientSecret string `json:"-" gorm:"size:64;not null"`
	// RedirectURIs is a comma-separated list.
	// NOTE(review): matching happens outside this file; confirm the authorize
	// endpoint compares the requested redirect_uri to each entry by exact string
	// equality rather than by prefix or substring.
	RedirectURIs string `json:"redirect_uris" gorm:"type:text"`
	// GrantTypes: authorization_code/refresh_token/client_credentials.
	// The separator used in the stored value is not shown here.
	GrantTypes string `json:"grant_types" gorm:"size:100"`
	// ResponseTypes: code/token.
	ResponseTypes string `json:"response_types" gorm:"size:50"`
	// AllowedScopes, e.g. "openid profile email org roles".
	AllowedScopes string `json:"allowed_scopes" gorm:"size:200"`
	// TokenExpiry is the access_token lifetime in seconds (column default 3600).
	TokenExpiry int `json:"token_expiry" gorm:"default:3600"`
	// RefreshExpiry has a column default of 2592000; presumably the refresh
	// token lifetime in seconds (30 days) - TODO confirm.
	RefreshExpiry int    `json:"refresh_expiry" gorm:"default:2592000"`
	OwnerID       string `json:"owner_id" gorm:"not null"`
	OrgID         string `json:"org_id" gorm:"index"`
	// Status has a column default of 1; the meaning of each value is defined
	// elsewhere.
	Status int `json:"status" gorm:"default:1"`
}

// TableName returns "oauth_clients", the table name GORM uses for OAuthClient.
func (OAuthClient) TableName() string {
	return "oauth_clients"
}

// OAuthAuthorization is a persisted authorization code together with the
// request parameters it was issued for.
type OAuthAuthorization struct {
	Base
	UserID   string `json:"user_id" gorm:"index;not null"`
	ClientID string `json:"client_id" gorm:"index;not null"`
	OrgID    string `json:"org_id" gorm:"index"`
	// Code is included in JSON output (json:"code"), unlike ClientSecret and the
	// token fields in this file, which use json:"-".
	// NOTE(review): an authorization code is a credential until it is redeemed
	// or expires. Confirm that no API response or log line serializes this
	// struct to anyone other than the intended client, or hide the field from
	// JSON as the other secrets are.
	Code  string `json:"code" gorm:"uniqueIndex;size:64"`
	Scope string `json:"scope" gorm:"size:200"`
	// State is presumably the client's opaque state parameter - TODO confirm.
	State       string `json:"state" gorm:"size:100"`
	RedirectURI string `json:"redirect_uri" gorm:"size:500"`
	// CodeChallenge and CodeChallengeMethod are excluded from JSON output.
	// NOTE(review): the names match the PKCE parameters of RFC 7636; which
	// methods are accepted is decided outside this file.
	CodeChallenge       string `json:"-" gorm:"size:128"`
	CodeChallengeMethod string `json:"-" gorm:"size:10"`
	// Used and UsedAt record redemption (column default false).
	// NOTE(review): confirm the token endpoint sets Used atomically with the
	// exchange so that a code cannot be redeemed twice.
	Used      bool       `json:"used" gorm:"default:false"`
	UsedAt    *time.Time `json:"used_at"`
	ExpiresAt time.Time  `json:"expires_at"`
}

// TableName returns "oauth_authorizations", the table name GORM uses for
// OAuthAuthorization.
func (OAuthAuthorization) TableName() string {
	return "oauth_authorizations"
}

// OAuthToken is a persisted OAuth access token and its paired refresh token.
type OAuthToken struct {
	Base
	UserID   string `json:"user_id" gorm:"index;not null"`
	ClientID string `json:"client_id" gorm:"index;not null"`
	OrgID    string `json:"org_id" gorm:"index"`
	// AccessToken and RefreshToken are excluded from JSON output and each has a
	// unique index.
	// NOTE(review): this file does not show whether the columns hold the raw
	// token values or digests of them. If raw, anyone with read access to the
	// table can replay every live token; confirm against the issuing code.
	AccessToken  string    `json:"-" gorm:"uniqueIndex;size:64"`
	RefreshToken string    `json:"-" gorm:"uniqueIndex;size:64"`
	TokenType    string    `json:"token_type" gorm:"size:10;default:Bearer"`
	Scope        string    `json:"scope" gorm:"size:200"`
	ExpiresAt    time.Time `json:"expires_at"`
	// Revoked and RevokedAt record revocation (column default false); validation
	// code elsewhere must check them in addition to ExpiresAt.
	Revoked   bool       `json:"revoked" gorm:"default:false"`
	RevokedAt *time.Time `json:"revoked_at"`
}

// TableName returns "oauth_tokens", the table name GORM uses for OAuthToken.
func (OAuthToken) TableName() string {
	return "oauth_tokens"
}

// Grant types.
//
// NOTE(review): GrantTypePassword names the resource owner password credentials
// grant, which the OAuth 2.0 Security Best Current Practice (RFC 9700) says must
// not be used. This file only defines the constant; confirm whether any client
// is allowed to register or use it.
const (
	GrantTypeAuthorizationCode = "authorization_code"
	GrantTypeRefreshToken      = "refresh_token"
	GrantTypeClientCredentials = "client_credentials"
	GrantTypePassword          = "password"
)

// Response types.
//
// NOTE(review): ResponseTypeToken names the implicit grant, which RFC 9700
// advises against because the access token is delivered in the redirect.
// Confirm whether it is enabled for any client.
const (
	ResponseTypeCode  = "code"
	ResponseTypeToken = "token"
)

// Scopes.
//
// openid, profile, email, phone and offline_access are scope names defined by
// OpenID Connect; org and roles appear to be specific to this project.
const (
	ScopeOpenID  = "openid"
	ScopeProfile = "profile"
	ScopeEmail   = "email"
	ScopePhone   = "phone"
	ScopeOrg     = "org"
	ScopeRoles   = "roles"
	ScopeOffline = "offline_access"
)