package auth

import (
	"fmt"
	"log"
	"net/http"
	"strings"

	"src.rybka.ca/pkg/web"
)

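// HandleLogin serves the two-step phone login flow.
//
// Request parameters are read with web.GetParams. When "code" is empty, a
// login code is sent to the normalized and validated "phone" and the login
// page is rendered again. When "code" is present it is checked with login; on
// success the token is delivered either as a "token" cookie followed by a
// redirect to "/" (clients whose Accept header starts with "text/html") or as
// the raw response body (every other client).
//
// NOTE(review): no HTTP method restriction, CSRF check or attempt limit is
// visible in this handler. Confirm that the router restricts the method and
// that sendLoginCode and login enforce per-phone and per-client rate limits
// and code expiry.
func HandleLogin(w http.ResponseWriter, r *http.Request) {
	params, err := web.GetParams(r)
	if err != nil {
		http.Error(w, "bad form", http.StatusBadRequest)
		return
	}

	phone := normalizePhone(params["phone"])
	err = validatePhone(phone)
	if err != nil {
		loginPage(w, r, phone, err, nil)
		return
	}

	code := params["code"]
	if code == "" {
		// Step one: no code submitted yet, so send one and show the form again.
		err = sendLoginCode(phone)
		if err != nil {
			// Keep the detail in the server log; the client only gets a
			// generic message so internal errors are not disclosed.
			log.Printf("auth: sending login code: %v", err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		loginPage(w, r, phone, nil, nil)
		return
	}

	// Step two: verify the submitted code.
	token, ok, loginErr := login(phone, code)
	if loginErr != nil {
		log.Printf("auth: verifying login code: %v", loginErr)
		http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
		return
	}
	if !ok {
		loginPage(w, r, phone, nil, fmt.Errorf("invalid code"))
		return
	}

	if strings.HasPrefix(r.Header.Get("Accept"), "text/html") {
		// Browser flow: the token lives in a cookie. HttpOnly keeps it out of
		// reach of page scripts, and SameSite=Lax stops it from being attached
		// to cross-site subrequests and form posts.
		http.SetCookie(w, &http.Cookie{
			Name:     "token",
			Value:    token,
			Path:     "/",
			Secure:   true,
			HttpOnly: true,
			SameSite: http.SameSiteLaxMode,
		})
		http.Redirect(w, r, "/", http.StatusSeeOther)
		return
	}

	// Non-browser flow: return the bare token. Fix the content type instead of
	// relying on sniffing, and forbid caching of a response that carries a
	// credential.
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("Cache-Control", "no-store")
	if _, err := w.Write([]byte(token)); err != nil {
		log.Printf("auth: writing token response: %v", err)
	}
}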
