using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using QuotifyBE.Data;
using QuotifyBE.Entities;
using QuotifyBE.DTOs;
using QuotifyBE.Mapping;
using Microsoft.AspNetCore.Cors;

namespace QuotifyBE.Controllers;


[ApiController]
[EnableCors]
[Route("api/v1/auth")]
[Produces("application/json")]
public class AuthController : ControllerBase
{

    private readonly IConfiguration _appsettings;
    private readonly ApplicationDbContext _db;
    private readonly GeneralUseHelpers guhf;

    public AuthController(IConfiguration appsettings, ApplicationDbContext db, GeneralUseHelpers GUHF)
    {
        _db = db;
        _appsettings = appsettings;
        guhf = GUHF;
    }

    // POST /api/v1/auth/login
    /// <summary>
    /// Log-in endpoint
    /// </summary>
    /// <remarks>
    /// Allows to generate a JWT valid for 5 minutes.
    /// The token needs to be passed to other, secured endpoints
    /// in the Authorization header, e.g.: Authorization: bearer {jwt}
    /// </remarks>
    /// <param name="formUser">User's credentials (email and password)</param>
    /// <returns>JWT valid for 5 minutes and basic user data.</returns>
    /// <response code="200">Returned on request with valid credentials. Contains the token, but also user data.</response>
    /// <response code="400">Returned on request with missing form data (email, password or both)</response>
    /// <response code="401">Returned on request with unknown pair of email and password (wrong password)</response>
    /// <response code="404">Returned on request with unknwon email</response>
    [HttpPost("login")]
    [EnableCors]
    [ProducesResponseType(typeof(SuccessfulLoginDTO), 200)]
    [ProducesResponseType(typeof(ErrorDTO), 400)]
    [ProducesResponseType(typeof(ErrorDTO), 401)]
    [ProducesResponseType(typeof(ErrorDTO), 404)]
    public async Task<IActionResult> Login([FromBody] UserLoginDTO formUser)
    {
        // Ensure the form is complete
        if (formUser.Email == null || formUser.Password == null)
        {
            return BadRequest(new {status = "error", error_msg = "Form contains missing data"});
        }

        // Find the user with retrieved e-mail
        User? user = await guhf.GetUserFromEmail(formUser.Email);
        if (user == null)
        {
            return NotFound(new {status = "error", error_msg = "User not found"});
        }


        // Hash the password and compare with the user-provided one
        string hashedFormPassword = guhf.HashWithSHA512(formUser.Password);
        if (hashedFormPassword == user.PasswordHash)
        {
            // All set - generate the token and return it
            var token = guhf.GenerateJwtToken(user);
            SuccessfulLoginDTO response = user.ToSuccessfulLoginDTO(token, guhf.UserRoleAsStr(user));

            return Ok(response);
        } else return Unauthorized(new {status = "error", error_msg = "Unknown pair of email and password"});
    }

    // GET /api/v1/auth/some_values
    /// <summary>
    /// [AUTHED] Dummy, authed endpoint
    /// </summary>
    /// <remarks>
    /// Dummy, authed endpoint used to test JWTs.
    /// <br/><br/>
    /// <b>Important!</b>
    /// Authed endpoints expect Authorization header, e.g.:
    /// Authorization: bearer {jwt}
    /// </remarks>
    /// <returns>Dummy json</returns>
    /// <response code="200">Returned on request with valid credentials</response>
    /// <response code="401">Returned on request with invalid JWT</response>
    [HttpGet("some_values")]
    [Authorize]
    [EnableCors]
    [ProducesResponseType(200)]
    [ProducesResponseType(401)]
    public IActionResult GetValues()
    {
        return Ok(new string[] { "value1", "value2" });
    }

    // GET /api/v1/auth/user_role
    /// <summary>
    /// [AUTHED] Get user role as a string
    /// </summary>
    /// <remarks>
    /// Authed endpoint used to check human-readable user role.
    /// </remarks>
    /// <returns>Json containing single field "role"</returns>
    /// <response code="200">Returned on request with valid credentials</response>
    /// <response code="400">Returned on request with JWT whose user could not be found (sanity check)</response>
    [HttpGet("user_role")]
    [Authorize]
    [EnableCors]
    [ProducesResponseType(200)]
    [ProducesResponseType(typeof(ErrorDTO), 400)]
    public IActionResult GetUserRole()
    {
        // Get user from token
        User? u = guhf.GetUserFromToken(Request.Headers.Authorization!);
        if (u == null)
            return BadRequest(new ErrorDTO { Status = "error", Error_msg = "User not found" });

        // Return the role as a string
        return Ok(new { Role = guhf.UserRoleAsStr(u) });
    }

    // GET /api/v1/auth/me
    /// <summary>
    /// [AUTHED] Get user info
    /// </summary>
    /// <remarks>
    /// Authed endpoint used to get info about the user.
    /// </remarks>
    /// <returns>Json containing user info DTO</returns>
    /// <response code="200">Returned on request with valid credentials</response>
    /// <response code="400">Returned on request with JWT whose user could not be found (sanity check)</response>
    [HttpGet("me")]
    [Authorize]
    [EnableCors]
    [ProducesResponseType(typeof(UserInfoDTO), 200)]
    [ProducesResponseType(typeof(ErrorDTO), 400)]
    public IActionResult GetUserData()
    {
        // Get user token from Authorization header
        User? u = guhf.GetUserFromToken(Request.Headers.Authorization!);
        if (u == null) // sanity check
            return BadRequest(new ErrorDTO { Status = "error", Error_msg = "User not found" });

        // Return user data as a DTO
        return Ok(u.ToUserInfoDTO(guhf.UserRoleAsStr(u)));

    }

}