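package controller

import (
	"crypto/rand"
	"database/sql"
	"encoding/base64"
	"log"
	"net/http"

	"github.com/google/uuid"
	"golang.org/x/crypto/argon2"
)

// PostSignup returns a handler that creates a user row from the "email" and
// "password" form values.
//
// The password is hashed with Argon2id under a fresh 16-byte random salt, and
// the raw hash and salt bytes are stored with a newly generated UUID. The
// handler answers 400 when either field is empty, 500 when salt generation,
// UUID generation or the insert fails, and 201 on success.
//
// Failure details are written to the server log only; the client receives a
// generic message so that driver and schema details are not disclosed.
func PostSignup(db *sql.DB) http.HandlerFunc {
	// Argon2id cost parameters. Whatever code verifies passwords must use the
	// same values, so changing them requires a migration plan for stored hashes.
	const (
		saltLen       = 16
		argonTime     = 1
		argonMemory   = 64 * 1024 // KiB, i.e. 64 MiB per hash
		argonThreads  = 1
		argonKeyLen   = 16
		insertUserSQL = "INSERT INTO user (user_uuid, email, email_verified, is_admin, password, salt, created_at) VALUES (?, ?, FALSE, FALSE, ?, ?, CURRENT_DATE)"
	)

	// serverError logs the real cause and sends the client a generic 500.
	serverError := func(w http.ResponseWriter, what string, err error) {
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		log.Printf("%s: %v", what, err)
	}

	return func(w http.ResponseWriter, r *http.Request) {
		// metrics.WithLabelValues("new").Inc()

		// NOTE(review): FormValue also reads URL query parameters, so a password
		// sent in the query string is accepted and may end up in access logs.
		// Consider PostFormValue once no client relies on query parameters.
		email := r.FormValue("email")
		password := r.FormValue("password")
		if email == "" || password == "" {
			http.Error(w, "Missing required fields", http.StatusBadRequest)
			return
		}

		// A failed read would leave the salt all zeros, so it must abort the
		// signup instead of being ignored.
		salt := make([]byte, saltLen)
		if _, err := rand.Read(salt); err != nil {
			serverError(w, "Could not generate salt", err)
			return
		}

		// NOTE(review): each request allocates argonMemory KiB and the password
		// length is bounded only by the form-parsing limit; confirm that rate
		// limiting or a length cap exists upstream.
		hash := argon2.IDKey([]byte(password), salt, argonTime, argonMemory, argonThreads, argonKeyLen)

		userUUID, err := uuid.NewRandom()
		if err != nil {
			serverError(w, "Could not generate UUID", err)
			return
		}

		// All values are bound as placeholders; nothing from the request is
		// concatenated into the statement.
		if _, err = db.Exec(insertUserSQL, userUUID, email, hash, salt); err != nil {
			serverError(w, "Could not insert user", err)
			return
		}

		// NOTE(review): the response body is the base64 password hash. That
		// hands the stored verifier to the client and to every intermediary
		// that records responses. It is kept here for compatibility; confirm
		// that no client depends on it and then return an empty body or the
		// user identifier instead.
		w.WriteHeader(http.StatusCreated)
		if _, err := w.Write([]byte(base64.StdEncoding.EncodeToString(hash))); err != nil {
			log.Printf("Could not write signup response: %v", err)
		}
	}
}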