package services

import (
	"time"

	"git.secnex.io/secnex/auth-api/config"
	"git.secnex.io/secnex/auth-api/repositories"
	"git.secnex.io/secnex/auth-api/utils"
	"git.secnex.io/secnex/masterlog"
	"github.com/gofiber/fiber/v2"
	"github.com/golang-jwt/jwt/v5"
)

func Login(username, password string) *utils.HTTPResponse {
	// Get user by username
	user, err := repositories.GetUserByUsername(username)
	if err != nil {
		return utils.NewHTTPResponse(fiber.StatusNotFound, &fiber.Map{
			"message": "User not found",
		}, "", nil, nil)
	}
	if user == nil {
		return utils.NewHTTPResponse(fiber.StatusNotFound, &fiber.Map{
			"message": "User not found",
		}, "", nil, nil)
	}

	hashedPassword := user.Password
	valid, err := utils.Verify(password, hashedPassword)
	if err != nil {
		return utils.NewHTTPResponse(fiber.StatusInternalServerError, &fiber.Map{
			"message": "Error verifying password",
		}, "", nil, nil)
	}
	if !valid {
		return utils.NewHTTPResponse(fiber.StatusUnauthorized, &fiber.Map{
			"message": "Invalid password",
		}, "", nil, nil)
	}

	session := repositories.CreateSession(user)
	if session == nil {
		return utils.NewHTTPResponse(fiber.StatusInternalServerError, &fiber.Map{
			"message": "Error creating session",
		}, "", nil, nil)
	}

	masterlog.Debug("Session created successfully", map[string]interface{}{"session_id": session.ID, "user_id": session.UserID})

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"sub": session.ID.String(),
		"exp": time.Now().Add(time.Hour * 24).Unix(),
	})

	secret := config.CONFIG.JwtSecret
	tokenString, err := token.SignedString([]byte(secret))
	if err != nil {
		return utils.NewHTTPResponse(fiber.StatusInternalServerError, &fiber.Map{
			"message": "Error generating token",
		}, "", nil, nil)
	}

	return utils.NewHTTPResponse(fiber.StatusOK, &fiber.Map{
		"message": "Login successful",
		"token":   tokenString,
	}, "", nil, nil)
}