using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication;
using System.Security.Claims;
using Microsoft.AspNetCore.Mvc;
using DigitalData.UserManager.Application.Contracts;
using DigitalData.UserManager.Application.DTOs.User;
using Microsoft.AspNetCore.Authorization;
using DigitalData.UserManager.Application;
using DigitalData.UserManager.Application.DTOs.Auth;
using DigitalData.Core.Contracts.Application;
using Microsoft.Extensions.Caching.Memory;

namespace DigitalData.UserManager.API.Controllers
{
    [Route("api/[controller]")]
    public class AuthController : ControllerBase
    {
        private IUserService _userService;
        private IGroupOfUserService _gouService;
        private IMemoryCache _memoryCache;
        private IConfiguration _configuration;
        private IDirectorySearchService _dirSearchService;

        public AuthController(IUserService userService, IGroupOfUserService gouService, IMemoryCache memoryCache, IConfiguration configuration, IDirectorySearchService directorySearchService)
        {
            _userService = userService;
            _gouService = gouService;
            _memoryCache = memoryCache;
            _configuration = configuration;
            _dirSearchService = directorySearchService;
        }

        [AllowAnonymous]
        [HttpGet("check")]
        public IActionResult CheckAuthentication() => Ok(new AuthCheckDto(IsAuthenticated: User.Identity?.IsAuthenticated ?? false));

        [AllowAnonymous]
        [HttpPost("login")]
        public async Task<IActionResult> Login([FromBody] LogInDto login)
        {
            bool isValid = _dirSearchService.ValidateCredentials(login.Username, login.Password);

            if (!isValid)
                return Unauthorized(_userService.Failed(MessageKey.UserNotFound.ToString()));

            var gouMsg = await _gouService.HasGroup(login.Username, "PM_USER", caseSensitive:false);
            if(!gouMsg.IsSuccess)
                return Unauthorized(_userService.Failed(MessageKey.UnauthorizedUser.ToString()));

            //find the user
            var uRes = await _userService.ReadByUsernameAsync(login.Username);
            if (!uRes.IsSuccess || uRes.Data is null)
            {
                return Unauthorized(uRes);
            }

            UserReadDto user = uRes.Data;

            // Create claims
            var claims = new List<Claim>
            {
                new Claim(ClaimTypes.NameIdentifier, user.Guid.ToString()),
                new Claim(ClaimTypes.Name, user.Username),
                new Claim(ClaimTypes.Surname, user.Name ?? ""),
                new Claim(ClaimTypes.GivenName, user.Prename ?? ""),
                new Claim(ClaimTypes.Email, user.Email ?? ""),
                new Claim(ClaimTypes.Role, "PM_USER")
            };

            // Create claimsIdentity
            var claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            // Create authProperties
            var authProperties = new AuthenticationProperties
            {
                IsPersistent = true,
                AllowRefresh = true,
                ExpiresUtc = DateTime.UtcNow.AddMinutes(60)
            };

            // Sign in
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);

            _dirSearchService.SetSearchRootCache(user.Username, login.Password);

            return Ok();
        }

        [Authorize]
        [HttpGet("user")]
        public async Task<IActionResult> GetUserWithClaims()
        {
            // Extract the username from the Name claim.
            string? username = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name)?.Value;

            if (string.IsNullOrEmpty(username))
                return Unauthorized();

            var userDto = await _userService.ReadByUsernameAsync(username);

            if (!userDto.IsSuccess || userDto.Data is null)
            {
                return NotFound(_userService.Failed("User not found."));
            }

            return Ok(userDto.Data);
        }

        [AllowAnonymous]
        [HttpPost("logout")]
        public async Task<IActionResult> Logout()
        {
            await HttpContext.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return Ok();
        }
    }
}