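package handler

import (
	"me-fit/service"
	"me-fit/utils"

	"database/sql"
	"net/http"
)

// AuthHandler bundles the dependencies used by the authentication HTTP
// handlers defined in this file.
type AuthHandler struct {
	db      *sql.DB
	service *service.AuthService
}

// handleAuth registers the authentication pages and API endpoints on router.
//
// Only /api/auth/signin is served by AuthHandler; every other route is
// delegated to a handler constructed by the service package.
//
// NOTE(review): none of these routes are wrapped in auth middleware and none
// are restricted by HTTP method at registration time. Confirm that the
// state-changing handlers (delete-account, change-password, reset-password,
// signout) enforce their own session check, method check and CSRF protection
// inside the service package.
func handleAuth(db *sql.DB, router *http.ServeMux) {
	a := AuthHandler{
		db:      db,
		service: service.NewAuthService(db),
	}

	// Don't use auth middleware for these routes, as it makes redirecting
	// very difficult if the mail is not yet verified.
	router.Handle("/auth/signin", service.HandleSignInPage(db))
	router.Handle("/auth/signup", service.HandleSignUpPage(db))
	router.Handle("/auth/verify", service.HandleSignUpVerifyPage(db)) // Hint for the user to verify their email
	router.Handle("/auth/delete-account", service.HandleDeleteAccountPage(db))
	router.Handle("/auth/verify-email", service.HandleSignUpVerifyResponsePage(db)) // The link contained in the email
	router.Handle("/auth/change-password", service.HandleChangePasswordPage(db))
	router.Handle("/auth/reset-password", service.HandleResetPasswordPage(db))

	router.Handle("/api/auth/signup", service.HandleSignUpComp(db))
	router.Handle("/api/auth/signin", a.handleSignIn())
	router.Handle("/api/auth/signout", service.HandleSignOutComp(db))
	router.Handle("/api/auth/delete-account", service.HandleDeleteAccountComp(db))
	router.Handle("/api/auth/verify-resend", service.HandleVerifyResendComp(db))
	router.Handle("/api/auth/change-password", service.HandleChangePasswordComp(db))
	router.Handle("/api/auth/reset-password", service.HandleResetPasswordComp(db))
	router.Handle("/api/auth/reset-password-actual", service.HandleActualResetPasswordComp(db))
}

// handleSignIn returns the handler for /api/auth/signin.
//
// The handler accepts POST only and reads the credentials from the request
// body. On success it creates a session and redirects to "/" (or to
// "/auth/verify" when the account's email is not yet verified); on failure it
// answers 401 with a message that does not reveal whether the email exists.
//
// NOTE(review): no rate limiting or lockout is visible in this file; confirm
// that repeated failed sign-ins are throttled in middleware or in
// AuthService.SignIn.
func (a AuthHandler) handleSignIn() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Credentials must never travel in the URL: query strings end up in
		// access logs, browser history and Referer headers.
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
			return
		}

		// PostFormValue ignores the query string, unlike FormValue.
		email := r.PostFormValue("email")
		password := r.PostFormValue("password")

		user := a.service.SignIn(email, password)
		if user == nil {
			// Same message for unknown email and wrong password, so the
			// response cannot be used to enumerate accounts.
			http.Error(w, "Invalid email or password", http.StatusUnauthorized)
			return
		}

		// NOTE(review): presumably TryCreateSessionAndSetCookie writes the
		// error response itself when it returns false; confirm, otherwise the
		// client receives an empty 200 here.
		if !service.TryCreateSessionAndSetCookie(r, w, a.db, user.Id) {
			return
		}

		// An unverified account still gets a session, but is sent to the page
		// that asks the user to verify their email.
		if !user.EmailVerified {
			utils.DoRedirect(w, r, "/auth/verify")
			return
		}
		utils.DoRedirect(w, r, "/")
	}
}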