package main

import (
	"context"
	"database/sql"
	"errors"
	"log"
	"net/http"
	"net/url"

	"golang.org/x/crypto/bcrypt"
)

const (
	userContextKey   = "_user"
	sessionDuration  = 86400 * 7 // 7 days
	loginQueryMarker = "next"
)

func RequireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		s := session(r)

		if !s.s.IsNew && s.Authenticated {
			u, err := Q.GetUserById(r.Context(), s.UserID)
			if err == nil {
				// authenticated --> done
				ctx := context.WithValue(r.Context(), userContextKey, u.ID)
				next.ServeHTTP(w, r.WithContext(ctx))
				return
			}

			s.Invalidate()
			s.Save(w, r)
		}

		// redirect to login with next-param
		v := url.Values{}
		v.Set(loginQueryMarker, r.URL.Path)
		redirPath := "/login?" + v.Encode()
		http.Redirect(w, r, redirPath, http.StatusFound)
	})
}

func checkLogin(ctx context.Context, user User) (bool, int32) {
	dbUser, err := Q.GetUserByName(ctx, user.Name)
	if err == nil {
		hash := []byte(dbUser.Pwd)
		pwd := []byte(user.Password)

		if bcrypt.CompareHashAndPassword(hash, pwd) != nil {
			return false, 0
		}
	} else if errors.Is(err, sql.ErrNoRows) {
		return false, 0
	} else {
		log.Panicf("Could not load user '%s': %v", user.Name, err)
	}

	return true, dbUser.ID
}

func handleLogin(w http.ResponseWriter, r *http.Request) {
	u := User{}
	parseForm(r, &u)

	ok, userId := checkLogin(r.Context(), u)

	if !ok {
		u.Errors = []error{fieldError{"Password", "Invalid"}}
		showLoginPage(w, u)
		return
	}

	s := session(r)
	if u.RememberMe {
		s.MaxAge(sessionDuration) // 1 week
	} else {
		s.MaxAge(0)
	}

	s.UserID = userId
	s.Authenticated = true
	s.Save(w, r)

	// redirect
	next := r.URL.Query().Get(loginQueryMarker)
	if next == "" {
		next = "/"
	}
	http.Redirect(w, r, next, http.StatusFound)
}

func handleLogout() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		s := session(r)
		s.Invalidate()
		s.Save(w, r)

		http.Redirect(w, r, "/", http.StatusFound)
	}
}

type User struct {
	Name       string  `form:"options=required"`
	Password   string  `form:"type=password;options=required"`
	RememberMe bool    `form:"type=checkbox;value=y;options=checked"`
	Errors     []error `form:"-"`
	Csrf
}

func showLoginPage(w http.ResponseWriter, u User) {
	showTemplate(w, "login", u)
}

func loginPage() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if session(r).Authenticated {
			http.Redirect(w, r, "/", http.StatusFound)
		}
		showLoginPage(w, User{
			Csrf: CsrfField(r),
		})
	}
}

func userId(r *http.Request) int32 {
	return r.Context().Value(userContextKey).(int32)
}