using static System.Security.Cryptography.RandomNumberGenerator;

namespace Femto.Modules.Auth.Models;

/// <summary>
/// A login session for one user: a random identifier, the owning user, an absolute
/// expiry time, and a flag recording how strongly the user authenticated.
/// </summary>
/// <remarks>
/// Nothing in this class rejects an expired session or extends <see cref="Expires"/>;
/// both are left to the code that loads and uses the session.
/// </remarks>
internal class Session
{
    // Number of random bytes behind each session id (256 bits).
    private const int IdByteLength = 32;

    // Lifetime given to a session at creation.
    private static TimeSpan SessionTimeout { get; } = TimeSpan.FromMinutes(30);

    // How close to expiry a session has to be before it is reported as expiring soon.
    private static TimeSpan ExpiryBuffer { get; } = TimeSpan.FromMinutes(5);

    /// <summary>
    /// Session identifier: standard Base64 of 32 bytes from <c>RandomNumberGenerator.GetBytes</c>.
    /// </summary>
    /// <remarks>
    /// The standard Base64 alphabet includes '+', '/' and '=', so the value needs encoding
    /// if it is ever placed in a URL. The id is a bearer secret; keep it out of logs.
    /// </remarks>
    public string Id { get; private set; }

    /// <summary>Identifier of the user this session belongs to.</summary>
    public Guid UserId { get; private set; }

    /// <summary>Instant at which the session stops being valid (creation time plus 30 minutes).</summary>
    public DateTimeOffset Expires { get; private set; }

    /// <summary>
    /// True when the session was created through <see cref="Strong"/>, false through <see cref="Weak"/>.
    /// Per the original comment it must be true for sensitive actions such as changing a password.
    /// </summary>
    /// <remarks>
    /// NOTE(review): the original comment also said this is true when the session was created
    /// with a remember-me token. That reads inverted for a flag that gates password changes;
    /// confirm which login path calls <see cref="Strong"/> and which calls <see cref="Weak"/>.
    /// </remarks>
    public bool IsStronglyAuthenticated { get; private set; }

    /// <summary>True once fewer than five minutes remain before <see cref="Expires"/> (or it has passed).</summary>
    public bool ExpiresSoon
    {
        get
        {
            DateTimeOffset threshold = DateTimeOffset.UtcNow + ExpiryBuffer;
            return this.Expires < threshold;
        }
    }

    /// <summary>Same condition as <see cref="ExpiresSoon"/>.</summary>
    public bool ShouldRefresh => this.ExpiresSoon;

    // Parameterless constructor that leaves every property at its default value.
    // Presumably exists for a materializer such as an ORM; confirm against the persistence code.
    private Session()
    {
    }

    private Session(Guid userId, bool isStrong)
    {
        byte[] randomBytes = GetBytes(IdByteLength);

        this.UserId = userId;
        this.IsStronglyAuthenticated = isStrong;
        this.Id = Convert.ToBase64String(randomBytes);
        this.Expires = DateTimeOffset.UtcNow + SessionTimeout;
    }

    /// <summary>Creates a session for <paramref name="userId"/> with <see cref="IsStronglyAuthenticated"/> set to true.</summary>
    public static Session Strong(Guid userId)
    {
        return new Session(userId, isStrong: true);
    }

    /// <summary>Creates a session for <paramref name="userId"/> with <see cref="IsStronglyAuthenticated"/> set to false.</summary>
    public static Session Weak(Guid userId)
    {
        return new Session(userId, isStrong: false);
    }
}