package auth

import (
	"fmt"
	"os"
	"time"

	"git.cesium.pw/niku/virteen/internal/auth/services"
	"github.com/gofiber/fiber/v2"
	"github.com/golang-jwt/jwt"
)

type PamAuthController struct {
	pam *services.PamAuthService
}

func NewPamAuthController() *PamAuthController {
	return &PamAuthController{
		pam: services.NewPamAuthService(),
	}
}

type GetTokenBody struct {
	User     string `json:"user"`
	Password string `json:"password"`
}

func (pac *PamAuthController) GetToken(ctx *fiber.Ctx) error {
	var body GetTokenBody
	if err := ctx.BodyParser(&body); err != nil {
		return err
	}

	isValid := (*pac.pam).IsValidUser(body.User, body.Password)
	if isValid == false {
		return fmt.Errorf("invalid user or password")
	}

	claims := jwt.MapClaims{
		"name": body.User,
		"exp":  time.Now().Add(time.Hour * 72).Unix(),
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

	t, err := token.SignedString([]byte(os.Getenv("JWT_SECRET")))
	if err != nil {
		return err
	}

	return ctx.JSON(fiber.Map{"Token": t})
}