import { refreshAccessToken } from './microsoft-oauth';
import { getRedisClient, KEYS } from '@/lib/redis';

/**
 * Check if a token is expired or about to expire (within 5 minutes)
 */
export function isTokenExpired(expiryTimestamp: number): boolean {
  const fiveMinutesInMs = 5 * 60 * 1000;
  return Date.now() + fiveMinutesInMs >= expiryTimestamp;
}

/**
 * Refresh an access token if it's expired or about to expire
 */
export async function ensureFreshToken(
  userId: string,
  email: string
): Promise<{ accessToken: string; success: boolean }> {
  try {
    // Use Redis to get the tokens (no database lookup needed)
    console.log(`Checking if token refresh is needed for ${email}`);
    const redis = getRedisClient();
    const key = KEYS.CREDENTIALS(userId, email);
    const credStr = await redis.get(key);
    
    if (!credStr) {
      console.log(`No credentials found in Redis for ${email}`);
      return { accessToken: '', success: false };
    }
    
    const creds = JSON.parse(credStr);
    
    // If not OAuth or missing refresh token, return failure
    if (!creds.useOAuth || !creds.refreshToken) {
      console.log(`Account ${email} is not using OAuth or missing refresh token`);
      return { accessToken: '', success: false };
    }

    // If token is still valid, return current token
    if (creds.tokenExpiry && creds.accessToken && 
        creds.tokenExpiry > Date.now() + 5 * 60 * 1000) {
      console.log(`Token for ${email} is still valid, no refresh needed`);
      return { accessToken: creds.accessToken, success: true };
    }

    // Token is expired or about to expire, refresh it
    console.log(`Refreshing token for ${email}`);
    const tokens = await refreshAccessToken(creds.refreshToken);
    
    // Update Redis cache with new tokens
    creds.accessToken = tokens.access_token;
    if (tokens.refresh_token) {
      creds.refreshToken = tokens.refresh_token;
    }
    creds.tokenExpiry = Date.now() + (tokens.expires_in * 1000);
    
    await redis.set(key, JSON.stringify(creds), 'EX', 86400); // 24 hours
    console.log(`Token for ${email} refreshed and cached in Redis`);

    return { accessToken: tokens.access_token, success: true };
  } catch (error) {
    console.error(`Error refreshing token for ${email}:`, error);
    return { accessToken: '', success: false };
  }
}