package registry

import (
	"errors"
	"time"

	"github.com/GoogleCloudPlatform/kubernetes/pkg/auth/user"
	"github.com/openshift/origin/pkg/oauth/registry/accesstoken"
)

type TokenAuthenticator struct {
	registry accesstoken.Registry
}

var ErrExpired = errors.New("Token is expired")

func NewTokenAuthenticator(registry accesstoken.Registry) *TokenAuthenticator {
	return &TokenAuthenticator{
		registry: registry,
	}
}

func (a *TokenAuthenticator) AuthenticateToken(value string) (user.Info, bool, error) {
	token, err := a.registry.GetAccessToken(value)
	if err != nil {
		return nil, false, err
	}
	if token.CreationTimestamp.Time.Add(time.Duration(token.ExpiresIn) * time.Second).Before(time.Now()) {
		return nil, false, ErrExpired
	}
	return &user.DefaultInfo{
		Name: token.UserName,
		UID:  token.UserUID,
	}, true, nil
}