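package main

import (
	"errors"
	"fmt"
	"log"
	"net/http"

	"github.com/gin-gonic/gin"
	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"

	"InfantrySkillCalculator/controllers"
	"InfantrySkillCalculator/models"
	"InfantrySkillCalculator/utils"
)

// dummyHash is a throw-away bcrypt hash that checkUserCredentials compares
// against when the requested username does not exist. Without it a login
// attempt for an unknown user returned immediately while a known user cost a
// full bcrypt comparison, so response time revealed which usernames exist.
// It is generated once at start-up; GenerateFromPassword only fails for an
// out-of-range cost, which bcrypt.DefaultCost never is, so a failure here is a
// programming error and aborting start-up is appropriate.
var dummyHash = mustDummyHash()

func mustDummyHash() []byte {
	h, err := bcrypt.GenerateFromPassword([]byte("not-a-real-password"), bcrypt.DefaultCost)
	if err != nil {
		log.Fatalf("generating dummy bcrypt hash: %v", err)
	}
	return h
}

// checkUserCredentials reports whether password matches the stored bcrypt hash
// for username. It fails closed: an unknown user, a database error, or a
// mismatching password all yield false, and the caller is not told which.
//
// To keep the response time independent of whether the account exists, the
// unknown-user path still performs one bcrypt comparison (against dummyHash)
// before returning false.
func checkUserCredentials(username, password string) bool {
	storedHash, err := getUserPassword(username)
	if err != nil {
		// Burn the same bcrypt cost as the success path; the result is
		// deliberately ignored.
		_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(password))
		return false
	}
	return bcrypt.CompareHashAndPassword([]byte(storedHash), []byte(password)) == nil
}

// getUserPassword returns the stored (hashed) password for username.
//
// It returns gorm.ErrRecordNotFound when no such user exists and any other
// database error as-is. Previously any non-not-found error called log.Fatal,
// which let a transient database failure during a login attempt take the whole
// process down; the error is now returned so the caller can fail the single
// request instead.
func getUserPassword(username string) (string, error) {
	var user models.User
	err := models.DB.Where("username = ?", username).First(&user).Error
	if err != nil {
		if !errors.Is(err, gorm.ErrRecordNotFound) {
			log.Printf("looking up user %q: %v", username, err)
		}
		return "", err
	}
	return user.Password, nil
}

// hashPassword returns a bcrypt hash of password at bcrypt.DefaultCost,
// suitable for storing in models.User.Password and later checking with
// checkUserCredentials.
func hashPassword(password string) (string, error) {
	hashed, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", fmt.Errorf("failed to hash password: %w", err)
	}
	return string(hashed), nil
}

// sessionUser reads the login session for the request and returns the stored
// username together with whether the session carries a true "authenticated"
// flag. Both values are typed-checked; a missing or mistyped value reads as
// ""/false rather than panicking.
//
// The error from Store.Get is intentionally ignored: the store (presumably a
// gorilla/sessions store, given the Get/Save/Options API used here — confirm)
// hands back a fresh empty session when the cookie cannot be decoded, and an
// empty session simply fails the checks below, which is the desired outcome
// for a tampered or stale cookie.
func sessionUser(c *gin.Context) (username string, authenticated bool) {
	session, _ := utils.Store.Get(c.Request, utils.LoginSessionName)
	auth, ok := session.Values["authenticated"].(bool)
	authenticated = ok && auth
	username, _ = session.Values["username"].(string)
	return username, authenticated
}

// AuthRequired is middleware that admits a request only when the session is
// marked authenticated and the session's user is still enabled (re-checked in
// the database on every request, so disabling an account takes effect
// immediately). Anything else is bounced to /login with the session cleared.
//
// The username is now read with a checked type assertion; the original
// unchecked assertion panicked on a session that carried the authenticated
// flag but no string username.
func AuthRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		username, authenticated := sessionUser(c)
		if !authenticated || username == "" || !controllers.IsUserEnabled(username) {
			redirectToLogin(c)
			return
		}
		c.Next()
	}
}

// AdminAuthRequired is middleware that applies the same checks as AuthRequired
// and additionally requires controllers.IsUserAdmin to be true for the session's
// user. Admin status is looked up per request rather than cached in the
// session, so revoking admin rights is effective without a re-login.
func AdminAuthRequired() gin.HandlerFunc {
	return func(c *gin.Context) {
		username, authenticated := sessionUser(c)
		if !authenticated || username == "" {
			redirectToLogin(c)
			return
		}
		if !controllers.IsUserEnabled(username) || !controllers.IsUserAdmin(username) {
			redirectToLogin(c)
			return
		}
		c.Next()
	}
}

// isUserAdmin reports whether the username stored in the request's session is
// an admin. It is a display/branching helper, not an access check: unlike
// AdminAuthRequired it does not consult the "authenticated" flag or
// IsUserEnabled. NOTE(review): that is only safe if "username" is never written
// to the session before a login succeeds — confirm against the login handler.
func isUserAdmin(c *gin.Context) bool {
	username, _ := sessionUser(c)
	if username == "" {
		return false
	}
	return controllers.IsUserAdmin(username)
}

// redirectToLogin expires the login session cookie (MaxAge = -1 asks the store
// to delete it), sends a 302 to /login and aborts the handler chain so no later
// handler runs for this request.
//
// A failure to save the expired session is logged rather than fatal: killing
// the process on a cookie write error would turn any such failure into an
// outage, and the redirect is still the correct response either way.
func redirectToLogin(c *gin.Context) {
	session, _ := utils.Store.Get(c.Request, utils.LoginSessionName)
	session.Options.MaxAge = -1
	if err := session.Save(c.Request, c.Writer); err != nil {
		log.Printf("clearing login session: %v", err)
	}
	c.Redirect(http.StatusFound, "/login")
	c.Abort()
}

// isValidCode reports whether code is an activation code that exists and has
// not yet been claimed (UsedForUsername is empty).
//
// The explicit Code == code comparison after the lookup is kept on purpose: it
// enforces an exact, case-sensitive match even if the database column uses a
// case-insensitive collation.
//
// NOTE(review): this is a read-only check. The code is only marked used
// elsewhere, so two concurrent registrations could both pass here before either
// sets UsedForUsername — confirm the claiming write is conditional/atomic.
func isValidCode(code string) bool {
	var activationCode models.ActivationCode
	if err := models.DB.Where("code = ?", code).First(&activationCode).Error; err != nil {
		return false
	}
	return activationCode.Code == code && activationCode.UsedForUsername == ""
}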