// Copyright (C) The Arvados Authors. All rights reserved.
//
// SPDX-License-Identifier: AGPL-3.0

package localdb

import (
	"context"
	"errors"
	"fmt"
	"strings"

	"git.arvados.org/arvados.git/lib/ctrlctx"
	"git.arvados.org/arvados.git/sdk/go/auth"
)

func (conn *Conn) ExpireAPIClientAuthorization(ctx context.Context) error {
	creds, ok := auth.FromContext(ctx)

	if !ok {
		return errors.New("credentials not found from context")
	}

	if len(creds.Tokens) < 1 {
		return errors.New("no tokens found to expire")
	}

	token := creds.Tokens[0]
	tokensecret := token
	if strings.Contains(token, "/") {
		tokenparts := strings.Split(token, "/")
		if len(tokenparts) >= 3 {
			tokensecret = tokenparts[2]
		}
	}

	tx, err := ctrlctx.CurrentTx(ctx)
	if err != nil {
		return err
	}

	res, err := tx.ExecContext(ctx, "UPDATE api_client_authorizations SET expires_at=current_timestamp WHERE api_token=$1", tokensecret)
	if err != nil {
		return err
	}

	rows, err := res.RowsAffected()
	if err != nil {
		return err
	}
	if rows != 1 {
		return fmt.Errorf("token expiration affected rows: %d -  token: %s", rows, token)
	}

	return nil
}