package auth

import (
	"errors"
	"io"
	"net/http"

	"github.com/labstack/echo/v4"

	"dynatron.me/x/blasphem/pkg/frontend"
	"dynatron.me/x/blasphem/pkg/storage"
)

var (
	ErrInvalidAuth    = errors.New("invalid auth")
	ErrInvalidHandler = errors.New("no such handler")
)

type Authenticator struct {
	Flows     FlowStore
	Providers map[string]AuthProvider
}

func (a *Authenticator) Provider(name string) AuthProvider {
	p, ok := a.Providers[name]
	if !ok {
		return nil
	}

	return p
}

func (a *Authenticator) InitAuth(s storage.Store) error {
	a.Flows = make(FlowStore)
	hap, err := NewHAProvider(s)
	if err != nil {
		return err
	}

	// XXX: yuck
	a.Providers = map[string]AuthProvider{
		hap.ProviderType(): hap,
	}

	return nil
}

type AuthProvider interface {
	ProviderName() string
	ProviderID() *string
	ProviderType() string
	ProviderBase() AuthProviderBase
	FlowSchema() []FlowSchemaItem
	ValidateCreds(reqMap map[string]interface{}) bool
}

type AuthProviderBase struct {
	Name string  `json:"name"`
	ID   *string `json:"id"`
	Type string  `json:"type"`
}

func (bp *AuthProviderBase) ProviderName() string           { return bp.Name }
func (bp *AuthProviderBase) ProviderID() *string            { return bp.ID }
func (bp *AuthProviderBase) ProviderType() string           { return bp.Type }
func (bp *AuthProviderBase) ProviderBase() AuthProviderBase { return *bp }

var HomeAssistant = "homeassistant"

// TODO: make this configurable
func (a *Authenticator) ProvidersHandler(c echo.Context) error {
	providers := []AuthProviderBase{
		a.Provider(HomeAssistant).ProviderBase(),
	}

	return c.JSON(http.StatusOK, providers)
}

func (s *Authenticator) AuthorizeHandler(c echo.Context) error {
	authContents, err := frontend.RootFS.Open("authorize.html")
	if err != nil {
		return err
	}
	defer authContents.Close()

	b, err := io.ReadAll(authContents)
	if err != nil {
		return err
	}

	return c.HTML(http.StatusOK, string(b))
}

func (a *Authenticator) Check(f *Flow, rm map[string]interface{}) error {
	cID, hasCID := rm["client_id"]
	if !hasCID || cID != f.request.ClientID {
		return ErrInvalidAuth
	}

	for _, h := range f.Handler {
		if h == nil {
			return ErrInvalidHandler
		}

		p := a.Provider(*h)
		if p == nil {
			return ErrInvalidAuth
		}

		success := p.ValidateCreds(rm)

		if success {
			return nil
		}
	}

	return ErrInvalidAuth
}