"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.default = revokeAllExistingGrants;
const grab_db_names_1 = __importDefault(require("../../../utils/grab-db-names"));
const normalize_text_1 = __importDefault(require("../../../utils/normalize-text"));
const dbHandler_1 = __importDefault(require("../../backend/dbHandler"));
const decrypt_1 = __importDefault(require("../../dsql/decrypt"));
const handle_mariadb_user_creation_1 = require("./handle-mariadb-user-creation");
function revokeAllExistingGrants(_a) {
    return __awaiter(this, arguments, void 0, function* ({ user, updatedRecord, }) {
        const { userDbPrefix } = (0, grab_db_names_1.default)({ user });
        const parsedPassword = (0, decrypt_1.default)({
            encryptedString: (updatedRecord === null || updatedRecord === void 0 ? void 0 : updatedRecord.password) || "",
        });
        const revokeAllPrivileges = yield (0, dbHandler_1.default)({
            query: (0, normalize_text_1.default)(`
            REVOKE ALL PRIVILEGES ON *.* FROM '${updatedRecord.username}'@'${updatedRecord.host}'
        `),
        });
        if (!revokeAllPrivileges) {
            yield (0, handle_mariadb_user_creation_1.createNewSQLUser)({
                host: updatedRecord.host,
                password: parsedPassword,
                username: updatedRecord.username,
            });
        }
        const revokeGrantOption = yield (0, dbHandler_1.default)({
            query: (0, normalize_text_1.default)(`
            REVOKE GRANT OPTION ON *.* FROM '${updatedRecord.username}'@'${updatedRecord.host}'
        `),
        });
        const userGrants = (yield (0, dbHandler_1.default)({
            query: `SHOW GRANTS FOR '${updatedRecord.username}'@'${updatedRecord.host}'`,
        }));
        for (let i = 0; i < userGrants.length; i++) {
            const grantObject = userGrants[i];
            const grant = grantObject === null || grantObject === void 0 ? void 0 : grantObject[Object.keys(grantObject)[0]];
            if (!(grant === null || grant === void 0 ? void 0 : grant.match(/GRANT USAGE .* IDENTIFIED BY PASSWORD/))) {
                const revokeGrantText = grant
                    .replace(/GRANT/, "REVOKE")
                    .replace(/ TO /, " FROM ");
                const revokePrivilege = yield (0, dbHandler_1.default)({ query: revokeGrantText });
            }
        }
        const flushPrivileges = yield (0, dbHandler_1.default)({
            query: `FLUSH PRIVILEGES`,
        });
        return { success: true };
    });
}