package api

import (
	"fmt"
	"log"
	"math/rand"
	"net/http"
	"strings"
	"time"

	"git.freecumextremist.com/grumbulon/pomme/internal"
	"git.freecumextremist.com/grumbulon/pomme/internal/db"
	"github.com/go-chi/chi/v5"
	"github.com/go-chi/render"
	"github.com/go-pkgz/auth"
	"github.com/go-pkgz/auth/avatar"
	"github.com/go-pkgz/auth/provider"
	"github.com/go-pkgz/auth/token"
	"golang.org/x/crypto/bcrypt"
)

// API handler
func Api() (api *chi.Mux) {
	options := auth.Opts{
		SecretReader: token.SecretFunc(func(id string) (string, error) { // secret key for JWT
			return "secret", nil
		}),
		TokenDuration:  time.Minute * 5, // token expires in 5 minutes
		CookieDuration: time.Hour * 24,  // cookie expires in 1 day and will enforce re-login
		Issuer:         "pomme",
		URL:            "http://127.0.0.1:8080",
		AvatarStore:    avatar.NewLocalFS("/tmp"),
		Validator: token.ValidatorFunc(func(_ string, claims token.Claims) bool {
			// allow only dev_* names
			return claims.User != nil && strings.HasPrefix(claims.User.Name, "dev_")
		}),
	}
	service := auth.NewService(options)
	service.AddDirectProvider("local", provider.CredCheckerFunc(func(user, password string) (ok bool, err error) {
		ok, err = Login(user, password)
		return ok, err
	}))

	m := service.Middleware()

	api = chi.NewRouter()

	api.Get("/create", NewUser)
	api.Post("/check", Ingest)
	api.With(m.Auth).Get("/private", AuthTest)
	authRoutes, avaRoutes := service.Handlers()
	api.Mount("/auth", authRoutes)  // add auth handlers
	api.Mount("/avatar", avaRoutes) // add avatar handler

	return
}

func Ingest(w http.ResponseWriter, r *http.Request) {
	data := &internal.ZoneRequest{}
	log.Println(data)
	if err := render.Bind(r, data); err != nil {
		http.Error(w, "Unable to parse Zonefile", http.StatusBadRequest)
		return
	}

	zonefile := data.Zone
	render.Status(r, http.StatusAccepted)
	render.Render(w, r, internal.NewZoneResponse(zonefile))
	// todo write to database, maybe?

	// todo -- add functions to apply to master zonefile if above check is OK
}

func NewUser(w http.ResponseWriter, r *http.Request) {
	r.ParseForm()
	username := r.Form.Get("username")
	if username == "" {
		username = autoUname()
	}
	password := r.Form.Get("password")
	if password == "" {
		password = "nigga" //testing purposes
	}
	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		panic(err)
	}
	db := db.InitDb()
	db.Create(&internal.User{Username: username, HashedPassword: string(hashedPassword)})

	w.Write([]byte(username))
	w.Write([]byte("██████████"))
	w.Write(hashedPassword)
}

func Login(username, password string) (bool, error) {
	username = "user22457"
	password = "nigga" //testing purposes

	hashedpassword := "$2a$10$uISHvOh/1Thfri1sJQNVmeWHIbIo/V.OmcpQV7UyIoyOwKSnhODtC"

	err := bcrypt.CompareHashAndPassword([]byte(hashedpassword), []byte(password))
	if err != nil {
		return false, err
	}
	return true, err
}

func autoUname() string {
	rand.Seed(time.Now().UnixNano())
	return fmt.Sprintf("user%d", rand.Intn(99999-00000))
}

func AuthTest(w http.ResponseWriter, r *http.Request) {
	w.Write([]byte("██████████"))
}