package auth

import (
	"nixcn-cms/data"
	"nixcn-cms/internal/cryptography"
	"nixcn-cms/pkgs/email"
	"nixcn-cms/pkgs/magiclink"
	"nixcn-cms/pkgs/turnstile"

	"github.com/google/uuid"
	log "github.com/sirupsen/logrus"
	"gorm.io/gorm"

	"github.com/gin-gonic/gin"
	"github.com/spf13/viper"
)

type MagicLinkRequest struct {
	Email          string `json:"email" binding:"required,email"`
	TurnstileToken string `json:"turnstile_token" binding:"required"`
}

func RequestMagicLink(c *gin.Context) {
	// Parse request
	var req MagicLinkRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		c.JSON(400, gin.H{"error": "invalid request"})
		return
	}

	// Cloudflare turnstile
	ok, err := turnstile.VerifyTurnstile(req.TurnstileToken, c.ClientIP())
	if err != nil || !ok {
		c.JSON(403, gin.H{"error": "turnstile failed"})
		return
	}

	// Generate magic token
	token, err := magiclink.NewMagicToken(req.Email)
	if err != nil {
		c.JSON(500, gin.H{"error": "internal error"})
		return
	}

	link := viper.GetString("server.external_url") + "/login?ticket=" + token

	// Send email using resend
	resend, err := email.NewResendClient()
	if err != nil {
		log.Error(err)
		c.JSON(500, gin.H{"status": "invilad email config"})
		return
	}
	resend.Send(
		req.Email,
		"NixCN CMS Email Verify",
		"<p>Click the link below to verify your email. This link will expire in 10 minutes.</p><a href="+link+">"+link+"</a>",
	)

	c.JSON(200, gin.H{"status": "magic link sent"})
}

func VerifyMagicLink(c *gin.Context) {
	// Get token from url
	magicToken := c.Query("token")
	if magicToken == "" {
		c.JSON(400, gin.H{"error": "missing token"})
		return
	}

	// Verify email token
	email, ok := magiclink.VerifyMagicToken(magicToken)
	if !ok {
		c.JSON(401, gin.H{"error": "invalid or expired token"})
		return
	}

	// Verify if user exists
	user := new(data.User)
	err := user.GetByEmail(email)

	if err != nil {
		if err == gorm.ErrRecordNotFound {
			// Create user
			user.UUID = uuid.New()
			user.UserId = uuid.New()
			user.Email = email
			user.Type = "Normal"
			user.PermissionLevel = 10
			if err := user.Create(); err != nil {
				c.JSON(500, gin.H{"status": "internal server error"})
				return
			}
		} else {
			c.JSON(500, gin.H{"status": "internal server error"})
			return
		}
	}

	// Generate jwt
	JwtTool := cryptography.Token{
		UserID:      user.UserId,
		Application: viper.GetString("server.application"),
	}
	accessToken, refreshToken, err := JwtTool.IssueTokens()
	if err != nil {
		c.JSON(500, gin.H{
			"status": "error generating tokens",
		})
		return
	}

	c.JSON(200, gin.H{
		"access_token":  accessToken,
		"refresh_token": refreshToken,
	})
}