use axum::{
    extract::{Extension, State},
    http::{HeaderMap, StatusCode},
    response::IntoResponse,
};
use module_auth::LogoutAllSessionsInput;
use shared_contracts::auth::LogoutAllResponse;
use time::OffsetDateTime;

use crate::{
    api_response::json_success_body,
    auth::AuthenticatedAccessToken,
    auth_session::{
        attach_set_cookie_header, build_clear_refresh_session_cookie_header, map_logout_error,
    },
    http_error::AppError,
    request_context::RequestContext,
    state::AppState,
};

pub async fn logout_all(
    State(state): State<AppState>,
    Extension(request_context): Extension<RequestContext>,
    Extension(authenticated): Extension<AuthenticatedAccessToken>,
) -> Result<impl IntoResponse, AppError> {
    state
        .auth_user_service()
        .logout_all_sessions(
            LogoutAllSessionsInput {
                user_id: authenticated.claims().user_id().to_string(),
            },
            OffsetDateTime::now_utc(),
        )
        .map_err(map_logout_error)?;
    state
        .sync_auth_store_snapshot_to_spacetime()
        .await
        .map_err(|error| {
            AppError::from_status(StatusCode::INTERNAL_SERVER_ERROR)
                .with_message(format!("同步认证快照失败：{error}"))
        })?;

    let mut headers = HeaderMap::new();
    attach_set_cookie_header(
        &mut headers,
        build_clear_refresh_session_cookie_header(&state)?,
    );

    Ok((
        headers,
        json_success_body(Some(&request_context), LogoutAllResponse { ok: true }),
    ))
}