# frozen_string_literal: true

class Authentication < ApplicationRecord
  belongs_to :user

  scope :for, ->(provider) { where(provider: provider) }

  encrypts :access_token
  encrypts :refresh_token

  def expired?
    expires_at <= Time.current
  end

  def refresh_from(client_secret)
    client_secret.refresh!
    self.access_token = client_secret.access_token if client_secret.access_token.present?
    self.refresh_token = client_secret.refresh_token if client_secret.refresh_token.present?
    self.expires_at = Time.zone.at(client_secret.expires_at) if client_secret.expires_at.present?
    save
  end

  def google_authorization
    return nil unless provider == 'google'

    @google_authorization ||= CLIENT_SECRETS.to_authorization.tap do |c|
      c.access_token = access_token
      c.refresh_token = refresh_token
      c.expires_at = expires_at
      if expires_at < 1.minute.from_now
        refresh_from(c)
      end
    end
  end
end