package server

import (
	"crypto/hmac"
	"crypto/md5"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"local/oauth2/oauth2server/config"
	"local/router"
	"net/http"

	"github.com/google/uuid"
)

func (s *Server) usersLog(w http.ResponseWriter, r *http.Request) {
	scope := ""
	router.Params(r, &scope)
	s.limiter.Wait(r.Context())
	q := r.URL.Query()
	fmt.Fprintln(w, `
      <html>
         <head><style>body{
            filter:invert(80%);
            background-color: #222;
            font-size: 5em;
            zoom: 1.5;
            -moz-transform: scale(1.5);
            -moz-transform-origin: 0 0;
            -o-transform: scale(1.5);
            -o-transform-origin: 0 0;
            -webkit-transform: scale(1.5);
            -webkit-transform-origin: 0 0;
            transform: scale(1.5);
            transform-origin: 0 0;
         }</style></head>
         <body>
            <form method="post" action="/authorize/`+scope+`?`+q.Encode()+`">
               <input type="password" name="username"></input>
               <input type="submit"></input>
            </form>
         </body>
      </html>
   `)
}

func (s *Server) usersRegister(w http.ResponseWriter, r *http.Request) {
	scope := ""
	router.Params(r, &scope)
	s.limiter.Wait(r.Context())
	fmt.Fprintln(w, `
      <html>
         <head><style>body{
            filter:invert(80%);
            background-color: #222;
            font-size: 5em;
            zoom: 1.5;
            -moz-transform: scale(1.5);
            -moz-transform-origin: 0 0;
            -o-transform: scale(1.5);
            -o-transform-origin: 0 0;
            -webkit-transform: scale(1.5);
            -webkit-transform-origin: 0 0;
            transform: scale(1.5);
            transform-origin: 0 0;
         }</style></head>
         <body>
            <form method="post" action="/users/submit/`+scope+`">
               <input type="text" name="username"></input>
               <input type="submit"></input>
            </form>
         </body>
      </html>
   `)
}

func (s *Server) usersSubmit(w http.ResponseWriter, r *http.Request) {
	scope := ""
	router.Params(r, &scope)
	s.limiter.Wait(r.Context())
	if r.Method != "POST" {
		http.NotFound(w, r)
		return
	}
	id := scope + "." + r.FormValue("username")
	if _, ok := s.getUser(id); ok {
		http.Error(w, "user already exists", http.StatusConflict)
		return
	}
	s.genUser(id)
}

func (s *Server) genUser(id string) {
	user := uuid.New().String()
	salt := uuid.New().String()
	s.store.Set(id, []byte(salt), SALT)
	obscured := s.obscureID(id)
	s.store.Set(obscured, []byte(user), USERS)
}

func (s *Server) getUser(id string) (string, bool) {
	obscured := s.obscureID(id)
	user, err := s.store.Get(obscured, USERS)
	return string(user), err == nil
}

func (s *Server) obscureID(id string) string {
	salt, _ := s.store.Get(id, SALT)
	a := s.obscure(string(salt)+id, config.SecretA)
	b := s.obscure(string(salt)+id, config.SecretB)
	return a + b
}

func (s *Server) obscure(payload, secret string) string {
	hash := md5.New()
	hash.Write([]byte(secret))
	key := hash.Sum(nil)
	sig := hmac.New(sha256.New, key)
	sig.Write([]byte(payload))
	return hex.EncodeToString(sig.Sum(nil))
}