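package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"time"

	"github.com/julienschmidt/httprouter"
)

// LocalAuthFunc is the credential check behind POST /api/auth. It defaults to
// checkAuthKrb5 (defined elsewhere in the package) and is a package variable
// so that another check with the same signature can be substituted.
var LocalAuthFunc = checkAuthKrb5

// localAuthUsers is not read in this file.
// NOTE(review): presumably a flag-populated list of logins allowed to use
// local authentication; confirm against the code that reads it.
var localAuthUsers arrayFlags

// loginForm is the JSON shape of a username/password login request.
type loginForm struct {
	Login    string `json:"username"`
	Password string `json:"password"`
}

// init registers the authentication endpoints on the package-level router.
func init() {
	// Returns the authenticated user, or 401 when there is none.
	router.GET("/api/auth", apiAuthHandler(validateAuthToken))

	// The closure defers the read of LocalAuthFunc to request time, so a
	// value assigned after init (e.g. during flag handling) is honoured.
	router.POST("/api/auth", apiRawHandler(func(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
		return formatApiResponse(LocalAuthFunc(w, ps, body))
	}))

	router.POST("/api/auth/logout", apiRawHandler(logout))
}

// authToken is the payload returned by GET /api/auth: the user's fields plus
// the promotion currently in effect.
type authToken struct {
	*User
	CurrentPromo uint `json:"current_promo"`
}

// validateAuthToken answers 401 when no user is attached to the request and
// otherwise returns that user wrapped in an authToken.
func validateAuthToken(u *User, _ httprouter.Params, _ []byte) HTTPResponse {
	if u == nil {
		return APIErrorResponse{status: http.StatusUnauthorized, err: fmt.Errorf("Not connected")}
	}
	return APIResponse{authToken{u, currentPromo}}
}

// logout clears the client's auth cookie through eraseCookie.
//
// NOTE(review): nothing in this function deletes or expires the server-side
// session, so a copy of the cookie value taken before logout may remain
// usable until the session ends by other means. Confirm whether eraseCookie
// (defined elsewhere) also invalidates the session record.
func logout(w http.ResponseWriter, ps httprouter.Params, body []byte) HTTPResponse {
	eraseCookie(w)
	return APIResponse{true}
}

// completeAuth finishes a login that the caller has already verified: it
// loads the user (creating it on first login), refreshes the stored groups
// when a non-empty value is supplied, binds the user to a session and sets
// the "auth" cookie on w.
//
// When session is nil a new session is created; otherwise the given session
// is attached to the user. The resolved user is returned together with the
// first error encountered; no cookie is set when an error is returned.
func completeAuth(w http.ResponseWriter, username string, email string, firstname string, lastname string, groups string, session *Session) (usr User, err error) {
	if userExists(username) {
		usr, err = getUserByLogin(username)
	} else {
		usr, err = NewUser(username, email, firstname, lastname, groups)
	}
	if err != nil {
		return usr, err
	}

	if len(groups) > 0 {
		// Byte-based cap; a multi-byte rune sitting on the boundary is cut.
		if len(groups) > 255 {
			groups = groups[:255]
		}
		if usr.Groups != groups {
			usr.Groups = groups
			// NOTE(review): the result of Update is discarded, so a failed
			// write leaves the stored groups (likely an authorization input)
			// out of date with no trace. Handle or log it once the
			// signature of Update is confirmed.
			usr.Update()
		}
	}

	if session == nil {
		var s Session
		s, err = usr.NewSession()
		session = &s
	} else {
		_, err = session.SetUser(usr)
	}
	if err != nil {
		return usr, err
	}

	http.SetCookie(w, &http.Cookie{
		Name:     "auth",
		Value:    base64.StdEncoding.EncodeToString(session.Id),
		Path:     baseURL + "/",
		Expires:  time.Now().Add(30 * 24 * time.Hour),
		HttpOnly: true,
		SameSite: http.SameSiteStrictMode,
		// NOTE(review): Secure is left disabled, so the browser will also
		// send this 30-day session cookie over plain HTTP. Enable it
		// wherever the service is only reached through TLS.
		//Secure: true,
	})

	return usr, nil
}

// dummyAuth logs in whichever identity the JSON body names (keys "username",
// "email", "firstname", "lastname") without verifying any credential.
//
// NOTE(review): because no password is checked, assigning this function to
// LocalAuthFunc lets any client obtain a session for any login. It looks
// intended for development only; confirm it cannot be selected in a
// production configuration.
func dummyAuth(w http.ResponseWriter, _ httprouter.Params, body []byte) (interface{}, error) {
	var lf map[string]string
	if err := json.Unmarshal(body, &lf); err != nil {
		return nil, err
	}

	// A missing key (or a JSON null body) yields "", which would otherwise
	// create or log in a user with an empty login.
	if lf["username"] == "" {
		return nil, fmt.Errorf("username is required")
	}

	return completeAuth(w, lf["username"], lf["email"], lf["firstname"], lf["lastname"], "", nil)
}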