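package com.ufund.api.ufundapi.service;

import com.ufund.api.ufundapi.model.User;
import com.ufund.api.ufundapi.model.UserAuth;
import com.ufund.api.ufundapi.persistence.UserAuthDAO;
import org.springframework.stereotype.Component;

import java.io.IOException;

/**
 * Issues, checks and revokes the API keys that clients obtain by logging in.
 *
 * <p>Key storage is delegated to {@link UserAuthDAO}; account lookup and password
 * verification are delegated to {@link UserService} and {@link User}.
 */
@Component
public class AuthService {
    private final UserAuthDAO userAuthDAO;
    private final UserService userService;

    /**
     * Creates the service with its collaborators.
     *
     * @param userAuthDAO Store for issued API keys.
     * @param userService Source of user accounts.
     */
    public AuthService(UserAuthDAO userAuthDAO, UserService userService) {
        this.userAuthDAO = userAuthDAO;
        this.userService = userService;
    }

    /**
     * Check if the provided key has access to the provided user.
     *
     * <p>Access is granted when the key belongs to {@code targetUsername} itself, or when the
     * key's owner has type {@link User.UserType#MANAGER}. These checks must stay enabled:
     * without them the method returns normally for any key and any target user, so every
     * caller relying on it is left without access control.
     *
     * @param targetUsername The targetUsername of the user trying to be accessed.
     * @param key The api key obtained by the client from logging in.
     * @throws IllegalAccessException Thrown if access was denied to the user: the key is
     *     missing or unknown, its owner no longer exists ("Unauthenticated"), or the owner is
     *     neither the target user nor a manager ("Unauthorized").
     * @throws IOException Declared for the persistence lookups; presumably raised when the
     *     key or user data cannot be read.
     */
    public void authenticate(String targetUsername, String key)
            throws IllegalAccessException, IOException {
        // A missing key can never identify a session; reject it before touching the store.
        if (key == null) {
            throw new IllegalAccessException("Unauthenticated");
        }

        var userAuth = userAuthDAO.getUserAuth(key);
        if (userAuth == null) {
            throw new IllegalAccessException("Unauthenticated");
        }

        var username = userAuth.getUsername();
        var owner = userService.getUser(username);
        // login() shows getUser may return null; a key whose account is gone must not pass.
        if (owner == null) {
            throw new IllegalAccessException("Unauthenticated");
        }

        // Only the account owner or a manager may act on the target user.
        if (!username.equals(targetUsername) && owner.getType() != User.UserType.MANAGER) {
            throw new IllegalAccessException("Unauthorized");
        }
    }

    /**
     * Attempt to log in with the provided credentials.
     *
     * @param username The username of the user
     * @param password The password of the user
     * @return An API key if the authentication was successful.
     * @throws IllegalAccessException Thrown if the username or password was incorrect
     * @throws IOException If there was an issue saving the authentication
     */
    public String login(String username, String password)
            throws IllegalAccessException, IOException {
        var usr = userService.getUser(username);
        // Same message for an unknown user and a wrong password, so the response does not
        // reveal which usernames exist.
        if (usr == null || !usr.verifyPassword(password)) {
            throw new IllegalAccessException("Unauthorized");
        }

        // NOTE(review): confirm UserAuth.generate draws the key from a CSPRNG and that stored
        // keys expire; neither is visible from this class.
        var userAuth = UserAuth.generate(username);
        userAuthDAO.addUserAuth(userAuth);
        return userAuth.getKey();
    }

    /**
     * Logs out the current user by removing the stored authentication for the key.
     *
     * @param key The API key of the client
     * @throws IOException Thrown if there was an error saving the authentication
     */
    public void logout(String key) throws IOException {
        userAuthDAO.removeUserAuth(key);
    }
}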