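package handler

import (
	"fmt"
	"net/http"

	"sirlab.de/go/knowyt/log"
	"sirlab.de/go/knowyt/user"
)

const (
	// authCookieName is the cookie that carries "<userId>:<authCode>" for a
	// logged-in user; it is the bearer credential for the session.
	authCookieName = "knowyt-auth"
	// cameoCookieName is the extra cookie an admin receives while acting as
	// another user; it holds only that user's id.
	cameoCookieName = authCookieName + "-cameo"
	// authCodeLength is the exact byte length a submitted login code must have.
	authCodeLength = 6
)

// createCookie returns the base auth cookie. As returned it is an expiring
// cookie (MaxAge -1), so writing it unchanged deletes any existing
// "knowyt-auth" cookie in the browser; Login overrides Value and MaxAge to
// turn it into a live session cookie.
//
// HttpOnly keeps the credential away from page scripts and SameSite=Lax
// stops it being attached to cross-site POSTs. The Secure flag is not set:
// this code cannot tell whether it is served over TLS.
// NOTE(review): if the app is only ever reached via HTTPS (directly or behind
// a TLS-terminating proxy), Secure should be set here so the bearer credential
// is never sent over plaintext — confirm with the deployment.
func (authMux *AuthMux) createCookie() *http.Cookie {
	return &http.Cookie{
		Name:     authCookieName,
		Path:     "/",
		HttpOnly: true,
		MaxAge:   -1,
		SameSite: http.SameSiteLaxMode,
	}
}

// writeOK sends the plain-text "ok" body shared by every success path.
// Header().Set (not Add) avoids a duplicate Content-Type if an earlier layer
// already wrote one.
func writeOK(w http.ResponseWriter) {
	w.Header().Set("Content-Type", "text/plain")
	fmt.Fprint(w, "ok")
}

// denyAndClearAuth expires the auth cookie and sends the access-denied
// response. Every failed Login path goes through here so a stale credential
// never survives a rejected login attempt.
func (authMux *AuthMux) denyAndClearAuth(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, authMux.createCookie())
	authMux.accessDenied(w, r)
}

// Logout expires the auth cookie and answers "ok".
//
// It requires neither a valid session nor a particular HTTP method; since it
// only ever removes the cookie, the worst a forged request can achieve is to
// log the user out.
func (authMux *AuthMux) Logout(w http.ResponseWriter, r *http.Request) {
	http.SetCookie(w, authMux.createCookie())
	writeOK(w)
}

// Login exchanges the "code" form field for a session cookie.
//
// The code is resolved by checkCode. Non-admin users must additionally
// belong to a game that is currently active; admins skip that check. On any
// failure the auth cookie is expired and accessDenied is sent.
//
// The cookie value is "<userId>:<authCode>", so the login code doubles as
// the session secret for the rest of the session.
// NOTE(review): a 6-character code is a small keyspace; resistance to
// guessing depends on the code's entropy and on brute-force limiting around
// GetUserByAuthcode or at the transport layer, none of which is visible
// here — confirm. Also confirm that neither user id nor code can contain
// ':' , or the cookie value is ambiguous for whoever parses it.
func (authMux *AuthMux) Login(w http.ResponseWriter, r *http.Request) {
	usr, err := authMux.checkCode(r)
	if err != nil {
		log.ErrorLog(err)
		authMux.denyAndClearAuth(w, r)
		return
	}

	if !usr.IsAdmin() {
		gm, err := authMux.app.GetGameById(usr.GetGameId())
		// The game id for the log message is taken from the user, not from
		// gm: when GetGameById fails, gm may be nil and gm.GetId() would
		// panic inside the error path.
		if err != nil {
			log.ErrorLog(fmt.Errorf("game %s unavailable for user %s: %w", usr.GetGameId(), usr.GetName(), err))
			authMux.denyAndClearAuth(w, r)
			return
		}
		if !gm.IsActive() {
			log.ErrorLog(fmt.Errorf("game %s disabled for user %s", usr.GetGameId(), usr.GetName()))
			authMux.denyAndClearAuth(w, r)
			return
		}
	}

	log.Info("%s logged into game %s\n", usr.GetName(), usr.GetGameId())

	cookie := authMux.createCookie()
	cookie.Value = usr.GetId() + ":" + usr.GetAuthCode()
	// MaxAge 0 emits no Max-Age attribute: a session cookie that lives until
	// the browser is closed.
	cookie.MaxAge = 0
	http.SetCookie(w, cookie)
	writeOK(w)
}

// checkCode reads the "code" form field and resolves it to a user.
//
// The code must be exactly authCodeLength bytes (len counts bytes, so any
// multi-byte input is rejected before the lookup) and must be known to the
// app. A form that fails to parse is treated as a bad code rather than
// silently read as empty.
//
// The submitted code is quoted with %q so that newlines or control
// characters in attacker-controlled input cannot forge extra log lines.
// NOTE(review): the rejected code is still written to the error log, so a
// mistyped-but-nearly-valid code becomes recoverable from logs — confirm
// this trade-off (useful for spotting guessing attempts) is acceptable.
func (authMux *AuthMux) checkCode(r *http.Request) (*user.User, error) {
	if err := r.ParseForm(); err != nil {
		return nil, fmt.Errorf("parsing login form: %w", err)
	}
	code := r.Form.Get("code")
	if len(code) != authCodeLength {
		return nil, fmt.Errorf("invalid code %q", code)
	}
	usr, err := authMux.app.GetUserByAuthcode(code)
	if err != nil {
		return nil, fmt.Errorf("invalid code %q: %w", code, err)
	}
	return usr, nil
}

// Cameo lets an admin act as another user, and lets a cameo'd user drop the
// cameo again.
//
// Admin caller: the target is identified by the same "code" form field Login
// uses. On success the "knowyt-auth-cameo" cookie is set to the target's
// user id; the admin's own auth cookie remains the credential, the cameo
// cookie merely names who to act as. On a bad code the cameo cookie is
// expired and access is denied.
//
// Non-admin caller: honoured only when usr.GetCameo() returns a non-nil
// admin user, in which case the cameo cookie is expired. Anyone else is
// denied.
//
// NOTE(review): the admin path does not check that the target's game is
// active, unlike Login for non-admins — presumably intentional for admins,
// confirm. Whether the cameo cookie is validated against the admin's auth
// cookie on later requests is decided elsewhere and not visible here.
func (authMux *AuthMux) Cameo(usr *user.User, w http.ResponseWriter, r *http.Request) {
	cameoCookie := authMux.createCookie()
	cameoCookie.Name = cameoCookieName

	if usr.IsAdmin() {
		target, err := authMux.checkCode(r)
		if err != nil {
			// Consistent with Login: failed lookups are logged, not dropped.
			log.ErrorLog(err)
			http.SetCookie(w, cameoCookie)
			authMux.accessDenied(w, r)
			return
		}
		cameoCookie.Value = target.GetId()
		cameoCookie.MaxAge = 0
		http.SetCookie(w, cameoCookie)
		writeOK(w)
		return
	}

	// Non-admin: only a cameo that originates from an admin may be removed.
	if origin := usr.GetCameo(); origin != nil && origin.IsAdmin() {
		http.SetCookie(w, cameoCookie)
		writeOK(w)
		return
	}
	authMux.accessDenied(w, r)
}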