import { Request, Response, Express } from "express";
import { VixpressController } from "@dunemask/vix";
import Cairo from "@lib/Cairo";
import type PostgresService from "@lib/database/PostgresService";
import { CAuthContract, AuthContract } from "@lib/contracts/auth.contracts";
import { ContractRouteContext } from "@dunemask/vix/express";
import { AuthErrors, ProjectErrors } from "@lib/vix/ClientErrors";
import { getUserToken, hashCompare } from "./auth.service";
import { CDatabaseContract } from "@lib/contracts/database.contracts";
import { ProjectContract } from "@lib/contracts/project.contracts";
import { UserRequest } from "@lib/types/ApiRequests";
import { ResourcePolicy } from "@dunemask/vix/util";

type LoginCRC = ContractRouteContext<{
  RequestBodyContract: typeof AuthContract.Login;
  RequestParamsContract: typeof ProjectContract.ProjectParams;
}>;

export default class AuthController extends VixpressController {
  declare pg: PostgresService;
  constructor(app: Express) {
    super(app);
    this.pg = this.app.get(Cairo.PostgresService);
  }

  verify = (_req: Request, res: Response) => res.sendStatus(200);

  async login(crc: LoginCRC): Promise<CAuthContract["LoginCredentials"]> {
    const { identity, password } = crc.reqBody;
    const { project } = crc.reqParams;
    const user = await this.pg.users.byIdentity(project, identity);
    if (!user?.rolePolicy?.policies) throw AuthErrors.UnauthorizedRequest;
    const authorized = await hashCompare(password, user.hash);
    if (!authorized) throw AuthErrors.UnauthorizedRequest;
    const projectKeyPairs = user.project.keyPairs;
    if (projectKeyPairs.length !== 1) throw ProjectErrors.BadRequestProjectIncomplete;
    const token = await getUserToken(user.id, user.project.keyPairs[0].encryptedPrivateKey);
    const policies = user.rolePolicy.policies;
    const usr: CDatabaseContract["User"] = { id: user.id, username: user.username, rolePolicyId: user.rolePolicyId };
    return { token, user: usr, policies };
  }

  async credentials(crc: ContractRouteContext): Promise<CAuthContract["Credentials"]> {
    const { user, policies } = crc.req as UserRequest;
    const usr: CDatabaseContract["User"] = { id: user.id, username: user.username, rolePolicyId: user.rolePolicyId };
    return { user: usr, policies: ResourcePolicy.asStrings(policies) };
  }
}