// Copyright (c) Microsoft. All rights reserved.
//
// Licensed under the MIT license.

using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Microsoft.Artifacts.Authentication;
using Microsoft.Extensions.Logging;
using Microsoft.Identity.Client.Extensions.Msal;
using NuGetCredentialProvider.Util;

namespace NuGetCredentialProvider.CredentialProviders.Vsts
{
    internal class MsalTokenProvidersFactory : ITokenProvidersFactory
    {
        private readonly ILogger logger;
        private MsalCacheHelper cache;

        public MsalTokenProvidersFactory(ILogger logger)
        {
            this.logger = logger;
        }

        public async Task<IEnumerable<ITokenProvider>> GetAsync(Uri authority)
        {
            if (cache == null && EnvUtil.MsalFileCacheEnabled())
            {
                cache = await MsalCache.GetMsalCacheHelperAsync(EnvUtil.GetMsalCacheLocation(), logger);
            }

            var app = AzureArtifacts.CreateDefaultBuilder(authority)
                .WithBroker(EnvUtil.MsalAllowBrokerEnabled(), logger)
                .WithHttpClientFactory(HttpClientFactory.Default)
                .WithLogging(
                    (Microsoft.Identity.Client.LogLevel level, string message, bool containsPii) =>
                    {
                        // We ignore containsPii param because we are passing in enablePiiLogging below.
                        logger.LogTrace("MSAL Log ({level}): {message}", level, message);
                    },
                    enablePiiLogging: EnvUtil.GetLogPIIEnabled()
                )
                .Build();

            cache?.RegisterCache(app.UserTokenCache);

            return MsalTokenProviders.Get(app, logger);
        }
    }
}