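package middleware

import (
	"context"
	"crypto/subtle"
	"fmt"
	"net/http"

	"nilfm.cc/git/quartzgun/auth"
	"nilfm.cc/git/quartzgun/cookie"
)

// tokensMatch reports whether a and b are both non-empty and equal. The
// comparison goes through subtle.ConstantTimeCompare so that, for inputs of
// equal length, the time taken does not depend on where the first differing
// byte is.
func tokensMatch(a, b string) bool {
	if a == "" || b == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(a), []byte(b)) == 1
}

// csrfValid reports whether the "csrfToken" form value of req equals both the
// "csrfToken" value read through cookie.GetToken and the "csrfToken" datum
// stored in userStore for the user named by the "user" token. Any lookup
// error, a stored value that is not a string, or an empty token yields false.
func csrfValid(req *http.Request, userStore auth.UserStore) bool {
	// NOTE(review): the user name is taken from the "user" token without a
	// session check in this function; presumably callers wrap Defend in
	// Protected. Confirm against the route setup.
	user, err := cookie.GetToken("user", req)
	if err != nil {
		return false
	}
	stored, err := userStore.GetData(user, "csrfToken")
	if err != nil {
		return false
	}
	// A bare type assertion would panic inside the handler if the store ever
	// held a non-string value under this key; treat that as a failed check.
	masterToken, ok := stored.(string)
	if !ok {
		return false
	}
	cookieToken, err := cookie.GetToken("csrfToken", req)
	if err != nil {
		return false
	}
	formToken := req.FormValue("csrfToken")
	return tokensMatch(formToken, cookieToken) && tokensMatch(formToken, masterToken)
}

// Protected returns a handler that calls next only when the "user" and
// "session" tokens read through cookie.GetToken are accepted by
// userStore.ValidateUser. On success the request method is overwritten with
// method before next runs. In every other case the request is redirected to
// login with 303 See Other.
func Protected(next http.Handler, method string, userStore auth.UserStore, login string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		user, err := cookie.GetToken("user", req)
		if err == nil {
			session, err := cookie.GetToken("session", req)
			if err == nil {
				// Named valid rather than login so the login URL parameter
				// is not shadowed inside this scope.
				valid, err := userStore.ValidateUser(user, session)
				if err == nil && valid {
					fmt.Printf("authorized!\n")
					// The session token is a bearer credential and is
					// deliberately kept out of the log output; only the
					// user name is printed, quoted so control characters
					// cannot forge extra log lines.
					fmt.Printf("user: %q\n", user)
					req.Method = method
					next.ServeHTTP(w, req)
					return
				}
			}
		}
		fmt.Printf("unauthorized...\n")
		// http.Redirect writes its short HTML body only for GET requests,
		// which is presumably why the method is forced here.
		req.Method = http.MethodGet
		http.Redirect(w, req, login, http.StatusSeeOther)
	}

	return http.HandlerFunc(handlerFunc)
}

// Bunt returns a handler that logs out the user named by the "user" token via
// auth.Logout and redirects to next with 303 See Other. If the token cannot
// be read or the logout fails, it answers with 401 and a Location of denied.
func Bunt(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		// NOTE(review): only the "user" token is read here; the session
		// token is not validated before auth.Logout is called. Whether a
		// request carrying just another user's name can end that user's
		// session depends on auth.Logout, which is not visible here.
		user, err := cookie.GetToken("user", req)
		if err == nil {
			if err := auth.Logout(user, userStore, w); err == nil {
				req.Method = http.MethodGet
				http.Redirect(w, req, next, http.StatusSeeOther)
				return
			}
		}
		req.Method = http.MethodGet
		// NOTE(review): 401 is not a redirect status, so browsers will not
		// follow the Location header; they show the body http.Redirect
		// writes instead. Kept as-is because callers may rely on the 401.
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}

	return http.HandlerFunc(handlerFunc)
}

// Authorize returns a handler that passes the "user" and "password" form
// values to auth.Login and redirects with 303 See Other to next on success
// or to denied on failure.
func Authorize(next string, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		userName := req.FormValue("user")
		// NOTE(review): 24*7*52 looks like a session lifetime of one year
		// expressed in hours; confirm the unit against auth.Login.
		err := auth.Login(
			userName,
			req.FormValue("password"),
			userStore,
			w,
			24*7*52)
		if err == nil {
			req.Method = http.MethodGet
			// The user name is raw form input; %q quotes it so embedded
			// newlines or escape sequences cannot forge log lines.
			fmt.Printf("logged in as %q\n", userName)
			http.Redirect(w, req, next, http.StatusSeeOther)
			return
		}
		fmt.Printf("login failed!\n")
		req.Method = http.MethodGet
		http.Redirect(w, req, denied, http.StatusSeeOther)
	}

	return http.HandlerFunc(handlerFunc)
}

// Fortify returns a handler that, when a "csrfToken" value can be read
// through cookie.GetToken, stores it in the request context under the key
// "csrfToken" and then always calls next.
func Fortify(next http.Handler) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		token, err := cookie.GetToken("csrfToken", req)
		if err == nil {
			// The request is overwritten in place, so every holder of this
			// *http.Request sees the new context.
			// NOTE(review): a plain string context key can collide with
			// other packages (go vet/staticcheck flag it); it is kept
			// because readers elsewhere presumably look up "csrfToken".
			*req = *req.WithContext(
				context.WithValue(
					req.Context(),
					"csrfToken",
					token))
		}
		next.ServeHTTP(w, req)
	}

	return http.HandlerFunc(handlerFunc)
}

// Defend returns a handler that calls next only when the request's
// "csrfToken" form value matches both the "csrfToken" token read through
// cookie.GetToken and the "csrfToken" value userStore holds for the user.
// Otherwise it answers with 401 and a Location of denied.
func Defend(next http.Handler, userStore auth.UserStore, denied string) http.Handler {
	handlerFunc := func(w http.ResponseWriter, req *http.Request) {
		if csrfValid(req, userStore) {
			next.ServeHTTP(w, req)
			return
		}
		// NOTE(review): 401 is not a redirect status, so browsers will not
		// follow the Location header. Kept as-is because callers may rely
		// on the 401.
		http.Redirect(w, req, denied, http.StatusUnauthorized)
	}

	return http.HandlerFunc(handlerFunc)
}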