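package api

import (
	"context"
	"database/sql"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"log"
	"net/http"
	"strings"
	"time"

	"github.com/golang-jwt/jwt/v5"

	core "fr.latosa-escrima/api/core"
)

// MySigningKey is the HMAC key used both to sign tokens in HandleLogin and to
// verify them in AuthJWT. The literal below is a placeholder, not a secret: a
// key this short and committed to source lets anyone forge tokens, so it must
// be replaced by a long random value supplied from configuration before use.
var MySigningKey = []byte("COUCOU")

const (
	// tokenIssuer is written into the "iss" claim by HandleLogin and required
	// by AuthJWT, so only tokens minted by this package are accepted.
	tokenIssuer = "latosa-escrima.fr"
	// tokenTTL is how long an issued token stays valid.
	tokenTTL = 24 * time.Hour
	// maxLoginBodyBytes bounds how much of an (unauthenticated) login body the
	// server is willing to buffer.
	maxLoginBodyBytes = 1 << 20
	// dbQueryTimeout bounds the credential lookup so a slow database cannot
	// pin a handler goroutine indefinitely.
	dbQueryTimeout = 5 * time.Second
)

// LoginInformation is the JSON body expected by HandleLogin.
type LoginInformation struct {
	Email    string `json:"email"`
	Password string `json:"password"`
}

// Claims is the JWT payload issued by HandleLogin: the user's id plus the
// registered claims (issuer, subject, iat, exp).
type Claims struct {
	UserID string `json:"user_id"`
	jwt.RegisteredClaims
}

// HandleLogin authenticates the credentials in the JSON request body and, on
// success, answers with a signed JWT as {"token": "..."}.
//
// Every failure is reported to the client with an HTTP status instead of
// terminating the process (the previous log.Fatal calls let any client crash
// the server with a GET or a malformed body): 405 for a non-POST method, 400
// for an unreadable or malformed body, 401 when no user matches, 500 for any
// other error. Internal error details are logged server-side only.
func HandleLogin(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		w.Header().Set("Allow", http.MethodPost)
		http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
		return
	}
	if r.Body == nil {
		http.Error(w, "missing request body", http.StatusBadRequest)
		return
	}

	// Cap the body before reading it: the caller is not authenticated yet.
	body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, maxLoginBodyBytes))
	if err != nil {
		http.Error(w, "unable to read request body", http.StatusBadRequest)
		return
	}

	var login LoginInformation
	if err := json.Unmarshal(body, &login); err != nil {
		http.Error(w, "malformed JSON body", http.StatusBadRequest)
		return
	}
	if login.Email == "" || login.Password == "" {
		http.Error(w, "email and password are required", http.StatusBadRequest)
		return
	}

	// The query is parameterised, so the submitted values cannot inject SQL.
	// NOTE(review): it compares the password column directly, which implies
	// passwords are stored in clear; storing a salted hash and comparing it in
	// constant time belongs in core, not in this handler.
	ctx, cancel := context.WithTimeout(r.Context(), dbQueryTimeout)
	defer cancel()
	var user core.User
	err = core.DB.NewSelect().
		Model(&user).
		Where("email = ? AND password = ?", login.Email, login.Password).
		Limit(1).
		Scan(ctx)
	switch {
	case errors.Is(err, sql.ErrNoRows):
		// Same answer whether the email or the password is wrong, so the
		// response does not reveal which accounts exist.
		http.Error(w, "invalid credentials", http.StatusUnauthorized)
		return
	case err != nil:
		log.Printf("login: user lookup: %v", err)
		http.Error(w, "internal server error", http.StatusInternalServerError)
		return
	}

	now := time.Now()
	claims := Claims{
		UserID: user.UserID.String(),
		RegisteredClaims: jwt.RegisteredClaims{
			Issuer:    tokenIssuer,
			Subject:   "authentification",
			ExpiresAt: jwt.NewNumericDate(now.Add(tokenTTL)),
			IssuedAt:  jwt.NewNumericDate(now),
		},
	}

	// Sign with the same key AuthJWT verifies against; the previous literal
	// "hello" key meant no issued token could ever pass verification.
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	signed, err := token.SignedString(MySigningKey)
	if err != nil {
		log.Printf("login: signing token: %v", err)
		http.Error(w, "internal server error", http.StatusInternalServerError)
		return
	}

	// The token is a credential: hand it to the client, never print it to
	// stdout or logs.
	w.Header().Set("Content-Type", "application/json")
	w.Header().Set("Cache-Control", "no-store")
	if err := json.NewEncoder(w).Encode(map[string]string{"token": signed}); err != nil {
		log.Printf("login: writing response: %v", err)
	}
}

// HandleMiddlewareRoute registers handler for pattern behind middleware.
//
// The wrapped handler is installed on mux and, as before, on
// http.DefaultServeMux, so the middleware runs whichever of the two the
// server serves. Previously only the default-mux path went through the
// middleware; a server serving mux directly reached handler unprotected.
// Registering the same pattern twice on the default mux still panics, as it
// did before.
func HandleMiddlewareRoute(pattern string,
	handler func(w http.ResponseWriter, r *http.Request),
	middleware func(http.Handler) http.Handler,
	mux *http.ServeMux,
) {
	wrapped := middleware(http.HandlerFunc(handler))
	mux.Handle(pattern, wrapped)
	http.Handle(pattern, wrapped)
}

// AuthJWT is middleware that admits a request only when it carries a valid
// bearer token in the Authorization header: HS256-signed with MySigningKey,
// issued by tokenIssuer and not expired.
//
// Every rejection (missing header, wrong scheme, unparsable, expired or
// foreign-signed token) answers 401 without echoing the token or the parse
// error back to the client.
func AuthJWT(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authHeader := r.Header.Get("Authorization")
		if authHeader == "" {
			http.Error(w, "Missing Authorization header", http.StatusUnauthorized)
			return
		}

		// "Bearer <token>" is the only accepted scheme; an empty token after
		// the prefix is rejected here rather than handed to the parser.
		tokenString := strings.TrimPrefix(authHeader, "Bearer ")
		if tokenString == authHeader || tokenString == "" {
			http.Error(w, "Invalid Authorization header format", http.StatusUnauthorized)
			return
		}

		keyFunc := func(token *jwt.Token) (any, error) {
			// Defence in depth next to WithValidMethods: never hand the HMAC
			// secret to a token that claims another algorithm.
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, fmt.Errorf("unexpected signing method: %v", token.Header["alg"])
			}
			return MySigningKey, nil
		}
		token, err := jwt.Parse(tokenString, keyFunc,
			jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Alg()}),
			jwt.WithIssuer(tokenIssuer),
		)
		if err != nil || !token.Valid {
			http.Error(w, "Invalid token", http.StatusUnauthorized)
			return
		}

		next.ServeHTTP(w, r)
	})
}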