package cachevalkey

import (
	"context"
	"strconv"
	"time"

	"code.nochebuena.dev/einherjar/core/xerrors"
)

// rbacCacheShape mirrors auth/rbac.Cache for compile-time duck-type verification.
// Cache-valkey must not import auth/rbac (D-1), so the shape is defined locally.
type rbacCacheShape interface {
	Get(ctx context.Context, key string) (int64, bool, error)
	Set(ctx context.Context, key string, value int64, ttl time.Duration) error
}

var _ rbacCacheShape = (*PermissionCache)(nil)

// PermissionCache is a Valkey-backed cache for int64 permission bitmasks.
// Satisfies auth/rbac.Cache via duck typing — no import of that package required.
//
// Values are stored as decimal strings and parsed back to int64 on read.
type PermissionCache struct {
	provider Provider
}

// NewPermissionCache returns a PermissionCache backed by p.
func NewPermissionCache(p Provider) *PermissionCache {
	return &PermissionCache{provider: p}
}

// Get retrieves a permission bitmask. Returns (0, false, nil) on cache miss.
func (c *PermissionCache) Get(ctx context.Context, key string) (int64, bool, error) {
	val, ok, err := c.provider.Get(ctx, key)
	if err != nil || !ok {
		return 0, ok, err
	}
	n, err := strconv.ParseInt(val, 10, 64)
	if err != nil {
		return 0, false, xerrors.Internal("valkey: permission cache: corrupted value for key %q", key).WithError(err)
	}
	return n, true, nil
}

// Set stores a permission bitmask with the given TTL.
func (c *PermissionCache) Set(ctx context.Context, key string, value int64, ttl time.Duration) error {
	return c.provider.Set(ctx, key, strconv.FormatInt(value, 10), ttl)
}