module Doorkeeper::AccessTokenMixin::ClassMethods

def authorized_tokens_for(application_id, resource_owner)
  by_resource_owner(resource_owner).where(
    application_id: application_id,
    revoked_at: nil,
  )
end

def by_previous_refresh_token(previous_refresh_token)
  find_by(refresh_token: previous_refresh_token)
end

def by_refresh_token(refresh_token)
  find_by_plaintext_token(:refresh_token, refresh_token)
end

def by_token(token)
  find_by_plaintext_token(:token, token)
end

def create_for(application:, resource_owner:, scopes:, **token_attributes)
  token_attributes[:application] = application
  token_attributes[:scopes] = scopes.to_s
  if Doorkeeper.config.polymorphic_resource_owner?
    token_attributes[:resource_owner] = resource_owner
  else
    token_attributes[:resource_owner_id] = resource_owner_id_for(resource_owner)
  end
  create!(token_attributes)
end

def custom_attributes_match?(token, custom_attributes)
  return true if custom_attributes.nil?
  token_attribs = token.custom_attributes
  return true if token_attribs.blank? && custom_attributes.blank?
  Doorkeeper.config.custom_access_token_attributes.all? do |attribute|
    token_attribs[attribute] == custom_attributes[attribute]
  end
end

def extract_custom_attributes(attributes)
  attributes.with_indifferent_access.slice(
    *Doorkeeper.configuration.custom_access_token_attributes)
end

def fallback_secret_strategy
  ::Doorkeeper.config.token_secret_fallback_strategy
end

def find_access_token_in_batches(relation, **args, &block)
  relation.find_in_batches(**args, &block)
end

def find_matching_token(relation, application, custom_attributes, scopes)
  return nil unless relation
  matching_tokens = []
  batch_size = Doorkeeper.configuration.token_lookup_batch_size
  find_access_token_in_batches(relation, batch_size: batch_size) do |batch|
    tokens = batch.select do |token|
      scopes_match?(token.scopes, scopes, application&.scopes) &&
        custom_attributes_match?(token, custom_attributes)
    end
    matching_tokens.concat(tokens)
  end
  matching_tokens.max_by(&:created_at)
end

def find_or_create_for(application:, resource_owner:, scopes:, **token_attributes)
  scopes = Doorkeeper::OAuth::Scopes.from_string(scopes) if scopes.is_a?(String)
  if Doorkeeper.config.reuse_access_token
    custom_attributes = extract_custom_attributes(token_attributes).presence
    access_token = matching_token_for(
      application, resource_owner, scopes, custom_attributes: custom_attributes, include_expired: false)
    return access_token if access_token&.reusable?
  end
  create_for(
    application: application,
    resource_owner: resource_owner,
    scopes: scopes,
    **token_attributes,
  )
end

def last_authorized_token_for(application_id, resource_owner)
  authorized_tokens_for(application_id, resource_owner)
    .ordered_by(:created_at, :desc)
    .first
end

def matching_token_for(application, resource_owner, scopes, custom_attributes: nil, include_expired: true)
  tokens = authorized_tokens_for(application&.id, resource_owner)
  tokens = tokens.not_expired unless include_expired
  find_matching_token(tokens, application, custom_attributes, scopes)
end

def revoke_all_for(application_id, resource_owner, clock = Time)
  by_resource_owner(resource_owner)
    .where(
      application_id: application_id,
      revoked_at: nil,
    )
    .update_all(revoked_at: clock.now.utc)
end

def scopes_match?(token_scopes, param_scopes, app_scopes)
  return true if token_scopes.empty? && param_scopes.empty?
  (token_scopes.sort == param_scopes.sort) &&
    Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
      scope_str: param_scopes.to_s,
      server_scopes: Doorkeeper.config.scopes,
      app_scopes: app_scopes,
    )
end

def secret_strategy
  ::Doorkeeper.config.token_secret_strategy
end