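using HyperBooru.Services;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;

namespace HyperBooru.Controllers;

/// <summary>
/// Form-based login and logout endpoints, routed at the site root.
/// </summary>
/// <remarks>
/// No throttling, lockout or antiforgery validation is visible in this
/// controller. NOTE(review): confirm those controls are applied elsewhere
/// (middleware, filters or cookie options) before exposing these endpoints.
/// </remarks>
[ApiController]
[Route("/")]
public class LoginController : Controller
{
    private readonly IHttpContextAccessor httpContextAccessor;
    private readonly ISecurityService securityService;

    /// <summary>
    /// Creates the controller with its injected dependencies.
    /// </summary>
    /// <param name="httpContextAccessor">Accessor for the current request's <see cref="HttpContext"/>.</param>
    /// <param name="securityService">Service used to look up users and validate passwords.</param>
    public LoginController(
        IHttpContextAccessor httpContextAccessor,
        ISecurityService securityService)
    {
        this.httpContextAccessor = httpContextAccessor;
        this.securityService = securityService;
    }

    /// <summary>
    /// Checks the posted credentials and, when they are valid, signs the user in.
    /// </summary>
    /// <param name="username">User name taken from the form body.</param>
    /// <param name="password">Password taken from the form body.</param>
    /// <returns>
    /// 200 OK after a successful sign-in; 403 when the user is unknown or the
    /// password does not validate.
    /// </returns>
    [HttpPost("Login")]
    public async Task<IActionResult> Login(
        [FromForm] string username,
        [FromForm] string password)
    {
        var user = securityService.GetUser(username);

        // Unknown user and wrong password produce the same response, so the
        // status code does not reveal which user names exist.
        // NOTE(review): response time may still differ when the user is
        // missing, because ValidatePassword is skipped; whether that is
        // observable depends on ISecurityService, which is not shown here.
        if (user is null || !securityService.ValidatePassword(user, password))
        {
            return StatusCode(403);
        }

        var claims = new Claim[]
        {
            new Claim(ClaimTypes.Name, user.Name),
            new Claim("SID", user.Sid.ToString())
        };

        var claimsIdentity = new ClaimsIdentity(
            claims,
            CookieAuthenticationDefaults.AuthenticationScheme);
        var claimsPrincipal = new ClaimsPrincipal(claimsIdentity);

        // Signs in with the application's default sign-in scheme.
        // NOTE(review): presumably that is the cookie scheme named on the
        // identity above; confirm against the authentication setup.
        await httpContextAccessor.HttpContext!.SignInAsync(claimsPrincipal);

        return Ok();
    }

    /// <summary>
    /// Signs the current user out using the default authentication scheme.
    /// </summary>
    [HttpPost("Logout")]
    public async Task Logout() =>
        await httpContextAccessor.HttpContext!.SignOutAsync();
}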