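package auth

import (
	"lishwist/db"
	"lishwist/types"
	"log"
	"net/http"
	"time"

	"golang.org/x/crypto/bcrypt"
)

// loginFailureDelay is applied to every rejected login, whatever the reason.
const loginFailureDelay = 2 * time.Second

// loginDummyHash is a throwaway bcrypt hash compared against when the
// submitted username has no record, so that the unknown-user path performs the
// same hashing work as the wrong-password path.
//
// NOTE(review): generated at bcrypt.DefaultCost; if stored hashes use another
// cost the two paths still differ slightly in timing. Confirm against the code
// that creates user.PassHash.
var loginDummyHash = func() []byte {
	h, err := bcrypt.GenerateFromPassword([]byte("lishwist-placeholder-not-a-credential"), bcrypt.DefaultCost)
	if err != nil {
		// A nil hash makes CompareHashAndPassword fail, so login still fails
		// closed; only the timing equalisation is lost.
		log.Println("Couldn't prepare placeholder hash:", err)
	}
	return h
}()

// LoginPost handles the login form submission.
//
// It reads "username" and "password" from the parsed form, looks the user up
// under the key "user:"+username, and checks the password against the stored
// bcrypt hash. On success it marks the "lishwist_user" session as authorized,
// stores the username in it, saves it, and redirects (303) to the request's
// own path. Any credential failure yields 401 with one generic message.
//
// Both credential failures (no such user, wrong password) run one bcrypt
// comparison followed by the same fixed delay. Previously only the
// unknown-user path slept, so response time told a caller whether a username
// existed.
func (auth *AuthMiddleware) LoginPost(w http.ResponseWriter, r *http.Request) {
	if err := r.ParseForm(); err != nil {
		http.Error(w, "Couldn't parse form", http.StatusBadRequest)
		return
	}

	username := r.Form.Get("username")
	password := r.Form.Get("password")

	user, found := db.Get("user:" + username).(types.UserData)

	// Always run exactly one bcrypt comparison; fall back to the placeholder
	// hash when there is no record for this username.
	hash := loginDummyHash
	if found {
		hash = user.PassHash
	}
	cmpErr := bcrypt.CompareHashAndPassword(hash, []byte(password))

	// `found` is checked independently of the comparison result, so a match
	// against the placeholder hash can never authenticate anyone.
	if !found || cmpErr != nil {
		// The delay holds this goroutine for its whole duration; it slows
		// guessing per connection but is not a substitute for rate limiting.
		time.Sleep(loginFailureDelay)
		http.Error(w, "Username or password invalid", http.StatusUnauthorized)
		return
	}

	// NOTE(review): if auth.Store returns an error for a stale or undecodable
	// cookie, a client holding one gets a 500 here on every attempt until the
	// cookie is cleared. Confirm against the store implementation.
	session, err := auth.Store.Get(r, "lishwist_user")
	if err != nil {
		// Logged like the save failure below so both error codes can be
		// traced in the server log.
		log.Println("Couldn't load session:", err)
		http.Error(w, "Something went wrong. Error code: Sokka", http.StatusInternalServerError)
		return
	}

	// NOTE(review): the session that existed before login is reused. If the
	// store keys sessions by a server-side ID, confirm a fresh ID is issued on
	// login so a pre-login ID cannot carry over into the authorized session.
	session.Values["authorized"] = true
	session.Values["username"] = username
	if err := session.Save(r, w); err != nil {
		log.Println("Couldn't save session:", err)
		http.Error(w, "Something went wrong. Error code: Zuko", http.StatusInternalServerError)
		return
	}

	// Redirect back to the same path with 303 so the browser follows with GET.
	// NOTE(review): the target is taken from the request path; confirm the
	// router normalises paths beginning with "//", since http.Redirect would
	// emit such a value as a scheme-relative Location.
	http.Redirect(w, r, r.URL.Path, http.StatusSeeOther)
}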