<?php

declare(strict_types=1);

namespace GNexus\GAuth\Config;

use GNexus\GAuth\Exception\ConfigurationException;

final readonly class GAuthConfig
{
    private string $baseUrl;
    private string $clientId;
    private string $clientSecret;
    private string $redirectUri;
    private string $authorizePath;
    private string $tokenPath;
    private string $refreshPath;
    private string $revokePath;
    private string $userInfoPath;
    private int $stateTtlSeconds;
    private int $webhookToleranceSeconds;
    private ?string $userAgent;

    public function __construct(
        string $baseUrl,
        string $clientId,
        string $clientSecret,
        string $redirectUri,
        string $authorizePath = '/oauth/authorize',
        string $tokenPath = '/oauth/token',
        string $refreshPath = '/oauth/refresh',
        string $revokePath = '/oauth/revoke',
        string $userInfoPath = '/oauth/userinfo',
        int $stateTtlSeconds = 300,
        int $webhookToleranceSeconds = 300,
        ?string $userAgent = null,
    ) {
        $baseUrl = rtrim($baseUrl, '/');

        if ($baseUrl === '' || ! filter_var($baseUrl, FILTER_VALIDATE_URL)) {
            throw new ConfigurationException('Invalid gnexus-auth base URL.');
        }

        if ($clientId === '') {
            throw new ConfigurationException('client_id must not be empty.');
        }

        if ($clientSecret === '') {
            throw new ConfigurationException('client_secret must not be empty.');
        }

        if (! filter_var($redirectUri, FILTER_VALIDATE_URL)) {
            throw new ConfigurationException('Invalid redirect URI.');
        }

        if ($stateTtlSeconds < 60) {
            throw new ConfigurationException('state TTL must be at least 60 seconds.');
        }

        if ($webhookToleranceSeconds < 0) {
            throw new ConfigurationException('webhook tolerance must be zero or greater.');
        }

        $this->baseUrl = $baseUrl;
        $this->clientId = $clientId;
        $this->clientSecret = $clientSecret;
        $this->redirectUri = $redirectUri;
        $this->authorizePath = $authorizePath;
        $this->tokenPath = $tokenPath;
        $this->refreshPath = $refreshPath;
        $this->revokePath = $revokePath;
        $this->userInfoPath = $userInfoPath;
        $this->stateTtlSeconds = $stateTtlSeconds;
        $this->webhookToleranceSeconds = $webhookToleranceSeconds;
        $this->userAgent = $userAgent;
    }

    public function baseUrl(): string
    {
        return $this->baseUrl;
    }

    public function clientId(): string
    {
        return $this->clientId;
    }

    public function clientSecret(): string
    {
        return $this->clientSecret;
    }

    public function redirectUri(): string
    {
        return $this->redirectUri;
    }

    public function authorizePath(): string
    {
        return $this->authorizePath;
    }

    public function tokenPath(): string
    {
        return $this->tokenPath;
    }

    public function revokePath(): string
    {
        return $this->revokePath;
    }

    public function refreshPath(): string
    {
        return $this->refreshPath;
    }

    public function userInfoPath(): string
    {
        return $this->userInfoPath;
    }

    public function stateTtlSeconds(): int
    {
        return $this->stateTtlSeconds;
    }

    public function userAgent(): ?string
    {
        return $this->userAgent;
    }

    public function webhookToleranceSeconds(): int
    {
        return $this->webhookToleranceSeconds;
    }

    public function authorizeUrl(): string
    {
        return $this->baseUrl . $this->authorizePath;
    }

    public function tokenUrl(): string
    {
        return $this->baseUrl . $this->tokenPath;
    }

    public function revokeUrl(): string
    {
        return $this->baseUrl . $this->revokePath;
    }

    public function refreshUrl(): string
    {
        return $this->baseUrl . $this->refreshPath;
    }

    public function userInfoUrl(): string
    {
        return $this->baseUrl . $this->userInfoPath;
    }
}