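package server

import (
	"errors"
	"net/http"
	"os"
	"time"

	"github.com/golang-jwt/jwt/v5"
	"github.com/labstack/echo/v4"
)

const (
	cookieName = "rentuuid"
	routeLogin = "/login"

	// sessionTTL is how long an issued session token (and its cookie) stays
	// valid, measured from the moment writeCookie issues it.
	sessionTTL = 24 * time.Hour
)

// errEmptySecret is returned when the HMAC key is missing. Signing or
// verifying with an empty key would let anyone forge a valid session, so
// both sides refuse rather than silently proceeding.
var errEmptySecret = errors.New("auth: SECRET_KEY is empty; refusing to sign or verify session tokens")

// Claims is the JWT payload stored in the session cookie. Only the
// registered claims are used: Subject carries the user's email, ExpiresAt
// bounds the session lifetime.
type Claims struct {
	jwt.RegisteredClaims
}

// MakeAuthMiddleware returns an Echo middleware that requires a valid session
// cookie on every request it wraps. A missing, malformed, unsigned, expired
// or subject-less token redirects the client to routeLogin instead of
// calling the next handler.
//
// secretKey is the HS256 HMAC key; it must match the SECRET_KEY used by
// writeCookie. An empty key causes every request to be redirected.
func MakeAuthMiddleware(secretKey string) echo.MiddlewareFunc {
	toLogin := func(c echo.Context) error {
		return c.Redirect(http.StatusSeeOther, routeLogin)
	}
	keyFunc := func(*jwt.Token) (any, error) {
		if secretKey == "" {
			return nil, errEmptySecret
		}
		return []byte(secretKey), nil
	}

	return func(next echo.HandlerFunc) echo.HandlerFunc {
		return func(c echo.Context) error {
			cookie, err := c.Cookie(cookieName)
			if err != nil {
				return toLogin(c)
			}

			token, err := jwt.Parse(
				cookie.Value,
				keyFunc,
				// Pin the algorithm to HS256 so a forged token cannot switch
				// to "none" or to an asymmetric algorithm (alg confusion).
				jwt.WithValidMethods([]string{jwt.SigningMethodHS256.Name}),
				// exp is only checked when present; require it so a token
				// with the claim stripped is not accepted as a forever session.
				jwt.WithExpirationRequired(),
			)
			if err != nil || !token.Valid {
				return toLogin(c)
			}

			// The subject is the only identity this middleware vouches for;
			// an empty one is treated as no identity at all.
			subject, err := token.Claims.GetSubject()
			if err != nil || subject == "" {
				return toLogin(c)
			}

			return next(c)
		}
	}
}

// TODO: refactor to use a `AuthService`

// writeCookie issues a new HS256-signed session token for email and sets it
// as the session cookie on the response.
//
// The token's ExpiresAt and the cookie's Expires/MaxAge are computed from
// the current time at each call (previously they came from a package-level
// value fixed at process start, so every session expired at the same
// instant and tokens issued after 24h of uptime were dead on arrival).
//
// The signing key is read from SECRET_KEY; the cookie Domain from DOMAIN.
// Returns an error if email is empty, SECRET_KEY is unset, or signing fails.
func writeCookie(c echo.Context, email string) error {
	if email == "" {
		return errors.New("auth: refusing to issue a session with an empty subject")
	}
	secret := os.Getenv("SECRET_KEY")
	if secret == "" {
		return errEmptySecret
	}

	now := time.Now()
	expiresAt := now.Add(sessionTTL)

	claims := &Claims{
		jwt.RegisteredClaims{
			Subject:   email,
			IssuedAt:  jwt.NewNumericDate(now),
			ExpiresAt: jwt.NewNumericDate(expiresAt),
		},
	}
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	signedToken, err := token.SignedString([]byte(secret))
	if err != nil {
		return err
	}

	c.SetCookie(&http.Cookie{
		Name:  cookieName,
		Value: signedToken,
		// Explicit Path so the cookie is sent to every protected route
		// rather than only under the login handler's directory.
		Path:    "/",
		Expires: expiresAt,
		MaxAge:  int(sessionTTL / time.Second),
		Domain:  os.Getenv("DOMAIN"),
		// HttpOnly keeps the token away from script; Secure restricts it to
		// TLS; Strict SameSite stops it riding along on cross-site requests.
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	})
	return nil
}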