defmodule Boruta.Oauth.Revoke do
  @moduledoc """
  Access token revocation
  """

  alias Boruta.Oauth.Authorization
  alias Boruta.Oauth.RevokeRequest

  @doc """
  Revokes token according to the given `Boruta.Oauth.RevokeRequest`
  ## Examples
      iex> token(%RevokeRequest{
        client_id: "client_id",
        client_secret: "client_secret",
        token: "token"
      })
      :ok
  """
  @spec token(
          request :: %RevokeRequest{
            client_id: String.t(),
            client_secret: String.t(),
            token: String.t()
          }
        ) ::
          :ok
          | {:error, error :: Boruta.Oauth.Error.t()}
          | {:error, error :: String.t()}
  def token(%RevokeRequest{
        client_id: client_id,
        client_secret: client_secret,
        token: value,
        token_type_hint: token_type_hint
      }) do
    with {:ok, _client} <-
           Authorization.Client.authorize(
             id: client_id,
             secret: client_secret,
             grant_type: "revoke"
           ) do
      token =
        case token_type_hint do
          "refresh_token" ->
            with nil <- Boruta.AccessTokensAdapter.get_by(refresh_token: value) do
              Boruta.AccessTokensAdapter.get_by(value: value)
            end

          _ ->
            with nil <- Boruta.AccessTokensAdapter.get_by(value: value) do
              Boruta.AccessTokensAdapter.get_by(refresh_token: value)
            end
        end

      if token do
        with {:ok, _token} <- Boruta.AccessTokensAdapter.revoke(token) do
          :ok
        end
      else
        # return :ok even for unexisting tokens
        :ok
      end
    end
  end
end