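package service

import (
	"errors"
	"strings"

	"github.com/sirupsen/logrus"

	"myschools.me/heritage/heritage-api/model"
	"myschools.me/heritage/heritage-api/mysql"
	"myschools.me/heritage/heritage-api/redis"
)

// Sentinel errors returned by the service layer. Compare with errors.Is.
var (
	// ErrInvalidCredentials is returned by AuthLogin for every
	// authentication failure (empty input, unknown user, unset password,
	// wrong password), so callers cannot tell these cases apart.
	ErrInvalidCredentials = errors.New("invalid credentials")
	ErrInvalidArgument    = errors.New("invalid argument")
	ErrOldPasswordWrong   = errors.New("old password wrong")
	ErrNewPasswordShort   = errors.New("new password too short")
	ErrUserNotFound       = errors.New("user not found")
)

// AuthLogin checks userName and plainPassword against the stored password
// hash and, on success, stores a new session token in redis.
//
// It returns the token and a reduced copy of the user holding only ID,
// UserName, RoleID and OrgID, so the password hash does not reach the
// session store or the caller. Every authentication failure yields
// ErrInvalidCredentials. Errors from mysql.UserByUserName and
// redis.UserTokenSet are returned unchanged.
//
// NOTE(review): no attempt limiting or lockout is visible in this function;
// confirm it is enforced by the caller or by middleware.
func AuthLogin(userName, plainPassword string) (string, *model.User, error) {
	userName = strings.TrimSpace(userName)
	if userName == "" || plainPassword == "" {
		return "", nil, ErrInvalidCredentials
	}

	// userName is unauthenticated input at this point and is written to the
	// log on every failure path below. It stays in a structured field rather
	// than in the message so that the formatter handles escaping. Users also
	// occasionally type a password into the user-name box, so these log
	// lines should be treated as sensitive.
	log := logrus.WithFields(logrus.Fields{
		"func":     "AuthLogin",
		"userName": userName,
	})

	u, err := mysql.UserByUserName(&userName)
	if err != nil {
		log.Errorf("mysql.UserByUserName: %s", err.Error())
		// NOTE(review): the storage error is returned as-is; the caller
		// should presumably map it to a generic response rather than echo
		// its text to the client. Confirm against the handler.
		return "", nil, err
	}

	// NOTE(review): this path returns before PasswordVerify runs. If
	// PasswordVerify uses a deliberately slow hash, the response time may
	// differ from the wrong-password path even though the error value is
	// the same. Confirm against PasswordVerify.
	if u == nil || u.PasswordHash == "" {
		log.Warnf("user not found or password not set")
		return "", nil, ErrInvalidCredentials
	}

	if !PasswordVerify(u.PasswordHash, plainPassword) {
		log.Warnf("password verification failed")
		return "", nil, ErrInvalidCredentials
	}

	// NOTE(review): newToken is defined elsewhere; the token is the only
	// session secret, so it needs to come from a cryptographically secure
	// source. Confirm against its implementation.
	token := newToken()

	// Copy only the non-secret fields; PasswordHash is deliberately left out.
	safeUser := &model.User{
		ID:       u.ID,
		UserName: u.UserName,
		RoleID:   u.RoleID,
		OrgID:    u.OrgID,
	}

	// NOTE(review): session expiry is not visible here; confirm that
	// redis.UserTokenSet applies a TTL.
	if err := redis.UserTokenSet(&token, safeUser); err != nil {
		logrus.WithFields(logrus.Fields{
			"func":   "AuthLogin",
			"userID": u.ID,
		}).Errorf("redis.UserTokenSet: %s", err.Error())
		return "", nil, err
	}

	return token, safeUser, nil
}

// AuthLogout deletes the session belonging to token from redis.
//
// token may be the bare token or an Authorization header value with a
// "Bearer " prefix. The scheme is matched case-insensitively and whitespace
// around the token is dropped. Matching only two spellings of the scheme
// would leave a value such as "BEARER <token>" unstripped, the delete would
// use the wrong key, and the session would stay valid after logout.
//
// An empty token is a no-op and returns nil. Otherwise the result of
// redis.UserTokenDel is returned.
func AuthLogout(token string) error {
	const scheme = "bearer "

	token = strings.TrimSpace(token)
	if len(token) >= len(scheme) && strings.EqualFold(token[:len(scheme)], scheme) {
		// Trim again: more than one space may separate scheme and token.
		token = strings.TrimSpace(token[len(scheme):])
	}
	if token == "" {
		return nil
	}
	return redis.UserTokenDel(&token)
}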