package Pear::LocalLoop::Controller::Api::Auth;
use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON qw/ decode_json /;

has error_messages => sub {
  return {
    email => {
      required => { message => 'No email sent.', status => 400 },
      email => { message => 'Email is invalid.', status => 400 },
    },
    password => {
      required => { message => 'No password sent.', status => 400 },
    },
  };
};

sub check_json {
  my $c = shift;

  # JSON object is either the whole request, or under a json param for upload
  my $json = $c->req->json || decode_json( $c->param('json') || '{}' );

  unless ( defined $json && ref $json eq 'HASH' && scalar( keys %$json ) > 0 ) {
    $c->render(
      json => {
        success => Mojo::JSON->false,
        message => 'JSON is missing.',
      },
      status => 400,
    );
    return 0;
  }

  $c->stash( api_json => $json );
  return 1;
}

sub auth {
  my $c = shift;

  my $session_key = $c->stash->{api_json}->{session_key};

  if ( defined $session_key ) {
    my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

    if ( defined $session_result ) {
      $c->stash( api_user => $session_result->user );
      return 1;
    }
  }

  $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Invalid Session',
    },
    status => 401,
  );
  return 0;
}

sub post_login {
  my $c = shift;

  my $validation = $c->validation;

  $validation->input( $c->stash->{api_json} );
  $validation->required('email')->email;
  $validation->required('password');

  return $c->api_validation_error if $validation->has_error;

  my $email = $validation->param('email');
  my $password = $validation->param('password');

  $c->app->log->debug( __PACKAGE__ . " login attempt for [" . $email . "]" );

  my $user_result = $c->schema->resultset('User')->find({ email => $email });

  if ( defined $user_result ) {
    if ( $user_result->check_password($password) ) {
      my $session_key = $user_result->generate_session;

      return $c->render( json => {
        success => Mojo::JSON->true,
        session_key => $session_key,
        display_name => $user_result->name,
        user_type => $user_result->type,
      });
    } else {
      $c->app->log->info( __PACKAGE__ . " failed login for [" . $email . "]" );
    }
  }
  return $c->render(
    json => {
      success => Mojo::JSON->false,
      message => 'Email or password is invalid.',
    },
    status => 401
  );
}

sub post_logout {
  my $c = shift;

  my $session_key = $c->req->json( '/session_key' );

  my $session_result = $c->schema->resultset('SessionToken')->find({ token => $session_key });

  if ( defined $session_result ) {
    $session_result->delete;
  }

  $c->render( json => {
    success => Mojo::JSON->true,
    message => 'Logged Out',
  });
}

1;