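package endpoints

import (
	"arbeitszeitmessung/models"
	"arbeitszeitmessung/templates"
	"context"
	"log"
	"net/http"
	"strconv"
	"time"

	"github.com/alexedwards/scs/v2"
)

// Session is the package-wide session manager. It is nil until
// CreateSessionManager has been called, so every handler in this file
// requires that call to have happened first.
var Session *scs.SessionManager

// CreateSessionManager builds a new scs session manager with the given
// absolute session lifetime, stores it in the package-level Session variable
// and returns it.
//
// NOTE(review): only Lifetime is configured here. The cookie attributes
// (Cookie.Secure, Cookie.SameSite, ...) and IdleTimeout keep the scs
// defaults; confirm Cookie.Secure is enabled wherever the service is reached
// over HTTPS.
func CreateSessionManager(lifetime time.Duration) *scs.SessionManager {
	Session = scs.New()
	Session.Lifetime = lifetime
	return Session
}

// showLoginPage renders the login template with the given success flag and
// error message. A request whose session already holds a "user" entry is
// redirected to /time instead, and nothing is rendered.
func showLoginPage(w http.ResponseWriter, r *http.Request, success bool, errorMsg string) {
	// The session manager is attached under the plain string key "session",
	// presumably for the template to read. Linters flag string context keys,
	// but the key is kept because its consumer is outside this file.
	r = r.WithContext(context.WithValue(r.Context(), "session", Session))

	if Session.Exists(r.Context(), "user") {
		http.Redirect(w, r, "/time", http.StatusSeeOther)
		// Stop here: rendering the template after the redirect would append
		// the login page to the redirect response.
		return
	}

	templates.LoginPage(success, errorMsg).Render(r.Context(), w)
}

// loginUser handles a submitted login form. It reads the "personal_nummer"
// and "password" form fields, looks the user up by personnel number and
// checks the password via user.Login. On success the session token is
// renewed, the personnel number is stored in the session under "user" and
// the client is redirected to /time. Every failure re-renders the login
// page.
//
// NOTE(review): no throttling of repeated failed attempts is visible in this
// handler; confirm that it is enforced elsewhere (middleware, reverse proxy).
func loginUser(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		log.Println("Error parsing form!", err)
		showLoginPage(w, r, false, "Internal error!")
		return
	}

	rawNr := r.FormValue("personal_nummer")
	if rawNr == "" {
		log.Println("No personal_nummer provided!")
		showLoginPage(w, r, false, "Keine Personalnummer gesetzt.")
		return
	}

	personalNr, err := strconv.Atoi(rawNr)
	if err != nil {
		log.Println("Cannot parse personal nubmer!")
		showLoginPage(w, r, false, "Personalnummer ist nicht valide gesetzt.")
		return
	}

	user, err := models.GetUserByPersonalNr(personalNr)
	if err != nil {
		log.Println("No user found under this personal number!", err)
		// NOTE(review): this message differs from the wrong-password
		// response below, so the form reveals which personnel numbers
		// exist. Consider one shared message for both failures.
		showLoginPage(w, r, false, "Nutzer unter dieser Personalnummer nicht gefunden.")
		return
	}

	if !user.Login(r.FormValue("password")) {
		// Record the failed attempt so repeated guessing shows up in the logs.
		log.Printf("Failed login attempt for personal number %d from %s!\n", personalNr, r.RemoteAddr)
		showLoginPage(w, r, false, "")
		return
	}

	// Issue a fresh session token before the session becomes authenticated,
	// so a token that was known before login is not carried over into the
	// logged-in session (session fixation).
	if err := Session.RenewToken(r.Context()); err != nil {
		log.Println("Error renewing session token!", err)
		showLoginPage(w, r, false, "Internal error!")
		return
	}

	log.Printf("New succesfull user login from %s %s (%d)!\n", user.Vorname, user.Name, user.PersonalNummer)
	Session.Put(r.Context(), "user", user.PersonalNummer)
	// Commit stays best-effort as before, but a failure is now logged
	// instead of being dropped silently.
	if _, _, err := Session.Commit(r.Context()); err != nil {
		log.Println("Error committing session!", err)
	}

	// 303 See Other makes the browser follow up with a GET request. The
	// handler ends here; falling through to showLoginPage would write a
	// second response on top of the redirect.
	http.Redirect(w, r, "/time", http.StatusSeeOther)
}

// logoutUser destroys the current session and redirects the client to the
// login page. A failure to destroy the session is logged and the redirect is
// still sent.
func logoutUser(w http.ResponseWriter, r *http.Request) {
	log.Println("Loggin out user!")
	if err := Session.Destroy(r.Context()); err != nil {
		log.Println("Error destroying session!", err)
	}
	http.Redirect(w, r, "/user/login", http.StatusSeeOther)
}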