<?php
namespace Incoviba\API\Common\Controller;

use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Message\ResponseInterface as Response;
use Incoviba\API\Common\Define\Controller\Json;
use Incoviba\API\Common\Service\Auth as Service;
use Incoviba\API\Common\Factory\Model as Factory;
use Incoviba\Auth\User;
use Incoviba\Auth\Login;

class Auth {
    use Json;

    public function generate(Request $request, Response $response, Service $service): Response {
        $key = $service->generate();
        return $this->withJson($response, compact('key'));
    }
    public function login(Request $request, Response $response, Service $service, Factory $factory): Response {
        $post = json_decode($request->getBody());
        $user = $factory->find(User::class)->where([['name', $post->name]])->one();
        $output = [
            'login' => false,
            'token' => ''
        ];
        if ($user->enabled == 0) {
            $this->withJson($response, $output);
        }
        if ($user->validate($post->password)) {
            $token = $service->generateToken();
            $status = $user->setToken($token->selector, $token->token);
            if ($status['logged_in']) {
                $output['login'] = true;
                $output['token'] = $token->full;
                $output['expires'] = $status['expires'];
            }
        }
        return $this->withJson($response, $output);
    }
    protected function getLogin(object $post, Factory $factory): bool|Login {
        list($selector, $token) = explode(':', $post->token); //Token from the cookie
        $login = $factory->find(Login::class)->where([['selector', $selector]])->one();
        if ($login === false or !password_verify($token, $login->token) or !$login->isValid()) {
            return false;
        }
        return $login;
    }
    public function validate(Request $request, Response $response, Factory $factory): Response {
        $post = json_decode($request->getBody());
        if (!$this->getLogin($post, $factory)) {
            return $this->withJson($response, ['token' => $post->token, 'error' => 'Not authorized'], 401);
        }
        return $this->withJson($response, ['token' => $post->token, 'status' => 'Authorized']);
    }
    public function user(Request $request, Response $response, Factory $factory): Response {
        $post = json_decode($request->getBody());
        $login = $this->getLogin($post, $factory);
        if (!$login) {
            return $this->withJson($response, ['token' => $post->token, 'error' => 'Not authorized'], 401);
        }
        $output = [
            'token' => $post->token,
            'user' => $login->user()->name
        ];
        return $this->withJson($response, $output);
    }
    public function logout(Request $request, Response $response, Factory $factory): Response {
        $post = json_decode($request->getBody());
        list($selector, $token) = explode(':', $post->token); //Token from the cookie
        $login = $factory->find(Login::class)->where([['selector', $selector]])->one();
        $output = [
            'token' => $post->token,
            'logout' => false
        ];
        if ($login !== false) {
            $output['logout'] = $login->user()->logout();
        } else {
            $output['logout'] = true;
        }
        return $this->withJson($response, $output);
    }
}