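package system

import (
	"encoding/json"
	"net/http"

	"github.com/astaxie/session"
	"github.com/go-xorm/xorm"
	"github.com/julienschmidt/httprouter"

	libconfig "dev.sum7.de/sum7/warehost/config"
	libapi "dev.sum7.de/sum7/warehost/lib/api"
	log "dev.sum7.de/sum7/warehost/lib/log"
	libpassword "dev.sum7.de/sum7/warehost/lib/password"
)

// maxLoginBodyBytes caps how much of a login request body is read before
// decoding, so an unauthenticated client cannot make the server buffer an
// arbitrarily large JSON document.
const maxLoginBodyBytes = 1 << 20

// API keeps the dependencies shared by the handlers of this module.
type API struct {
	config       *libconfig.Config
	sessions     *session.Manager
	dbconnection *xorm.Engine
}

// NewAPI registers the status, login and logout handlers on router under
// prefix.
//
// NOTE(review): logout is registered for GET, so any cross-site request that
// carries the session cookie can end the user's session. Moving it to POST
// would change the public route, so it is only flagged here.
func NewAPI(config *libconfig.Config, sessions *session.Manager, dbconnection *xorm.Engine, router *httprouter.Router, prefix string) {
	api := &API{config: config, sessions: sessions, dbconnection: dbconnection}
	router.GET(prefix+"/status", api.Status)
	router.POST(prefix+"/login", api.Login)
	router.GET(prefix+"/logout", api.Logout)
}

// Status reports whether the database is reachable and holds at least one
// Login row. A failed count is logged and reported as false.
func (api *API) Status(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	sess := api.sessions.SessionStart(w, r)
	logger := log.GetLog(r, "system", "status")

	count, err := api.dbconnection.Count(new(Login))
	if err != nil {
		logger.Error("get login count: ", err)
	}
	connection := err == nil && count > 0

	logger.Info("status")
	libapi.JsonOutput(sess, w, r, connection)
}

// Logout destroys the current session, starts a new one and clears the
// "login" and "profil" keys on it before answering true.
func (api *API) Logout(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	api.sessions.SessionDestroy(w, r)
	sess := api.sessions.SessionStart(w, r)
	logger := log.GetLog(r, "system", "logout")

	// NOTE(review): this lookup runs after SessionDestroy, so the session
	// returned by SessionStart presumably no longer carries "login" and the
	// user field is likely never attached to the log entry. Confirm against
	// the session manager before relying on logout audit records.
	// The checked assertion keeps a stored value of an unexpected type from
	// panicking the handler.
	if login, ok := sess.Get("login").(Login); ok {
		logger = logger.WithField("user", login.Username)
	}

	sess.Delete("login")
	sess.Delete("profil")
	logger.Info("logout")
	libapi.JsonOutput(sess, w, r, true)
}

// Login authenticates the JSON credentials in the request body and, on
// success, stores the matching Login record in the session.
//
// Every authentication failure (unknown user, inactive account, wrong
// password, database error) produces the same false result, so the response
// body does not tell the client which check failed. A body that cannot be
// decoded is answered with 400 and a fixed message.
func (api *API) Login(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
	sess := api.sessions.SessionStart(w, r)
	logger := log.GetLog(r, "system", "login")

	// Bound the body before decoding; the endpoint is reachable without
	// authentication.
	r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodyBytes)

	var requestlogin RequestLogin
	if err := json.NewDecoder(r.Body).Decode(&requestlogin); err != nil {
		// A malformed body is a client error. The decoder error is kept in
		// the server log and not echoed to the client, and only one response
		// is written.
		logger.Error("fetch request: ", err)
		http.Error(w, "invalid login request", http.StatusBadRequest)
		return
	}
	logger = logger.WithField("user", requestlogin.Username)

	// xorm builds the lookup condition from the non-zero fields of the bean.
	// An empty username would therefore add no condition and fetch an
	// arbitrary row, so it is rejected up front.
	if requestlogin.Username == "" {
		logger.Warn("user not found")
		libapi.JsonOutput(sess, w, r, false)
		return
	}

	login := Login{Username: requestlogin.Username}
	if _, err := api.dbconnection.Get(&login); err != nil {
		logger.Error("fetch database: ", err)
		libapi.JsonOutput(sess, w, r, false)
		return
	}

	// NOTE(review): unknown users return before any password hashing happens,
	// so response time can differ between existing and non-existing accounts.
	if login.Id <= 0 {
		logger.Warn("user not found")
		libapi.JsonOutput(sess, w, r, false)
		return
	}

	if !login.Active {
		logger.Warn("not active")
		libapi.JsonOutput(sess, w, r, false)
		return
	}

	// NOTE(review): the second result of Validate is discarded; confirm what
	// it signals and whether it must be handled here.
	if valid, _ := libpassword.Validate(login.Password, requestlogin.Password); !valid {
		logger.Warn("wrong password")
		libapi.JsonOutput(sess, w, r, false)
		return
	}

	// NOTE(review): the whole Login record, including its Password field, is
	// placed in the session, and the session ID is not rotated on successful
	// authentication. Confirm both against the session store and
	// libapi.JsonOutput.
	sess.Set("login", login)
	logger.Info("logged in")
	libapi.JsonOutput(sess, w, r, true)
}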