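package server

import (
	"errors"
	"fmt"
	"net/http"
	"net/url"

	"github.com/google/uuid"

	"local/oauth2"
	"local/router"
	"local/storage"
)

// authorize handles the authorization step for a scope: it looks up the
// submitted username within the routed scope, makes sure the user has an
// access identifier (creating one on first use), and then either redirects the
// browser to the caller-supplied redirect URL carrying that identifier or
// answers a plain "OK".
//
// Only POST is accepted; other methods get 404 as before. Unknown users and
// users without access are refused with 403.
func (s *Server) authorize(w http.ResponseWriter, r *http.Request) {
	scope := ""
	router.Params(r, &scope)

	// NOTE(review): if limiter.Wait reports an error (e.g. a cancelled request
	// context) it is discarded here, so the lookups below still run — confirm
	// the limiter's contract and bail out on error if it has one.
	s.limiter.Wait(r.Context())

	if r.Method != http.MethodPost {
		http.NotFound(w, r)
		return
	}

	// The lookup key joins scope and username with "."; a username containing
	// "." could be read as belonging to a different scope — presumably getUser
	// guards against that, verify.
	id := scope + "." + r.FormValue("username")
	user, ok := s.getUser(id)
	if !ok {
		http.Error(w, "unknown user", http.StatusForbidden)
		return
	}

	access, ok := s.getAccess(scope, user)
	if !ok {
		http.Error(w, "no oauth for user", http.StatusForbidden)
		return
	}

	// Strip the redirect parameter from the request URL before answering.
	q := r.URL.Query()
	redirect := q.Get(oauth2.REDIRECT)
	q.Del(oauth2.REDIRECT)
	r.URL.RawQuery = q.Encode()

	if redirect == "" {
		fmt.Fprintln(w, "OK")
		return
	}

	target, err := redirectTarget(redirect, access)
	if err != nil {
		// Previously a malformed redirect was parsed with the error discarded,
		// which dereferenced a nil *url.URL and panicked the handler.
		http.Error(w, "invalid redirect", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, target, http.StatusSeeOther)
}

// redirectTarget parses the caller-supplied redirect URL, defaults a missing
// scheme to "http" (matching the previous behaviour), and appends the access
// identifier as the oauth2.COOKIE query parameter.
//
// It returns an error when the value does not parse or uses a scheme other
// than http/https, so the handler can reject the request instead of panicking
// or redirecting into a non-web scheme.
//
// The redirect value comes straight from the request query and is therefore
// attacker-controlled. This function only guarantees the URL is well-formed;
// it does NOT check the host against the client's registered redirect URIs,
// so until such an allow-list is added the access identifier can be sent to
// any host. Note also that the identifier travels in the query string, where
// it is visible in server logs and Referer headers.
// TODO(review): validate the host against registered redirect URIs.
func redirectTarget(redirect, access string) (string, error) {
	u, err := url.Parse(redirect)
	if err != nil {
		return "", fmt.Errorf("parsing redirect %q: %w", redirect, err)
	}
	if u.Scheme == "" {
		u.Scheme = "http"
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return "", fmt.Errorf("unsupported redirect scheme %q", u.Scheme)
	}
	values := u.Query()
	values.Set(oauth2.COOKIE, access)
	u.RawQuery = values.Encode()
	return u.String(), nil
}

// genAuth creates a fresh access identifier and token for user within scope
// and stores them: the access identifier under the user key in the ACCESS
// namespace, and the token under "<scope>.<access>" in the TOKEN namespace.
//
// Both values are random UUIDs. Store errors are returned instead of being
// dropped, so a caller can tell that the credentials were not persisted;
// existing call sites that ignore the result keep compiling.
func (s *Server) genAuth(scope, user string) error {
	access := uuid.New().String()
	token := uuid.New().String()
	if err := s.store.Set(user, []byte(access), ACCESS); err != nil {
		return fmt.Errorf("storing access for %q: %w", user, err)
	}
	if err := s.store.Set(scope+"."+access, []byte(token), TOKEN); err != nil {
		return fmt.Errorf("storing token for scope %q: %w", scope, err)
	}
	return nil
}

// getAccess returns the access identifier stored for user, generating one via
// genAuth when none exists yet. The boolean is false when the identifier could
// not be read or created.
func (s *Server) getAccess(scope, user string) (string, bool) {
	access, err := s.store.Get(user, ACCESS)
	if errors.Is(err, storage.ErrNotFound) {
		// First use of this user: create the credentials, then re-read so the
		// value returned is exactly what is now persisted.
		if genErr := s.genAuth(scope, user); genErr != nil {
			return "", false
		}
		access, err = s.store.Get(user, ACCESS)
	}
	if err != nil {
		return "", false
	}
	return string(access), true
}

// getToken returns the token stored for the given scope and access identifier
// (key "<scope>.<access>" in the TOKEN namespace); the boolean is false when
// no such entry exists or the store fails.
func (s *Server) getToken(scope, access string) (string, bool) {
	token, err := s.store.Get(scope+"."+access, TOKEN)
	if err != nil {
		return "", false
	}
	return string(token), true
}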