require "google-directory/config"
require 'google/api_client'

module GoogleDirectory

    class Client

        attr_reader :directory_api, :client, :config

        def initialize(scope = :main)
            @config = GoogleDirectory.configuration
            @config = @config.using(scope) if @config.scope_name != scope

            
            @key = Google::APIClient::KeyUtils.load_from_pkcs12(@config.key_file, @config.key_passphrase)
            @client = Google::APIClient.new(:application_name => 'Saeko Directory API', :application_version => '1.0.0')

            @client.authorization = Signet::OAuth2::Client.new(
                :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
                :audience => 'https://accounts.google.com/o/oauth2/token',
                :scope => 'https://www.googleapis.com/auth/admin.directory.user',
                :issuer => @config.issuer, 
                :person => @config.admin_email,
                :signing_key => @key
            )

            if token = @config.load_token

                token['issued_at'] = DateTime.parse( token['issued_at'] )
                @client.authorization.update_token!(token)

            else
                token = @client.authorization.fetch_access_token!
                token['issued_at'] = @client.authorization.issued_at.to_s
                @config.save_token(token)

            end
            
            @directory_api = @client.discovered_api('admin', 'directory_v1')
        end


        #
        # https://developers.google.com/admin-sdk/directory/v1/reference/users/list#auth
        # 
        # Optional Parameters:
        #   customFieldMask
        #   customer
        #   domain
        #   maxResults
        #   orderBy
        #   pageToken
        #   projection
        #   query
        #   showDeleted
        #   sortOrder
        #   viewType
        #
        def find_users(params)
            execute(:api_method => directory_api.users.list, :parameters => params)
        end

        def find_user_by_email(email)
            execute(:api_method => directory_api.users.get, :parameters => { 'userKey' => email })
        end

        #
        # https://developers.google.com/admin-sdk/directory/v1/reference/users/insert
        #
        def create_user(email, given_name, family_name, password, opts = {})
            opts = {
                'name'                       => { 'givenName' => given_name, 'familyName' => family_name},
                'password'                   => password,
                'primaryEmail'               => email,
                'changePasswordAtNextLogin'  => true
            }.merge(opts)

            execute(:api_method => directory_api.users.insert, :body_object => opts)
        end

        def delete_user(email)
            execute(:api_method => directory_api.users.delete, :parameters => {'userKey' => email})
        end

        def update_user(email, update_data = {})
            execute(:api_method => directory_api.users.update, :parameters => {'userKey' => email}, :body_object => update_data)
        end

        def update_user_password(email, password)
            update_user(email, {'password' => password, 'changePasswordAtNextLogin' => false})
        end

        private 

            def execute(opts)
                if client.authorization.expired?
                    token = client.authorization.refresh!
                    token['issued_at'] = client.authorization.issued_at.to_s
                    config.save_token(token)
                end

                result = client.execute(opts)
                return JSON.parse(result.body) if result.status == 200
                return nil if [204, 404].include?(result.status)

                Rails.logger.error("== Google ERROR ==\n\t- execute(#{opts})\n\t- response:\n#{result.response.to_yaml}")

            end
    end

end