package Auth

import (
	"encoding/json"
	"io/ioutil"
	"net/http"

	"git.tovijaeschke.xyz/tovi/Envelope/Backend/Database"
	"git.tovijaeschke.xyz/tovi/Envelope/Backend/Models"
)

type rawChangePassword struct {
	OldPassword        string `json:"old_password"`
	NewPassword        string `json:"new_password"`
	NewPasswordConfirm string `json:"new_password_confirm"`
	PrivateKey         string `json:"private_key"`
}

// ChangePassword handle change password action
func ChangePassword(w http.ResponseWriter, r *http.Request) {
	var (
		user           Models.User
		changePassword rawChangePassword
		requestBody    []byte
		err            error
	)

	user, err = CheckCookieCurrentUser(w, r)
	if err != nil {
		// Don't bother showing an error here, as the middleware handles auth
		return
	}

	requestBody, err = ioutil.ReadAll(r.Body)
	if err != nil {
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	err = json.Unmarshal(requestBody, &changePassword)
	if err != nil {
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	if !CheckPasswordHash(changePassword.OldPassword, user.Password) {
		http.Error(w, "Invalid Current Password", http.StatusForbidden)
		return
	}

	// This should never occur, due to frontend validation
	if changePassword.NewPassword != changePassword.NewPasswordConfirm {
		http.Error(w, "Invalid New Password", http.StatusUnprocessableEntity)
		return
	}

	user.Password, err = HashPassword(changePassword.NewPassword)
	if err != nil {
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	// Private key doesn't change at this point, is just re-encrypted with the new password
	user.AsymmetricPrivateKey = changePassword.PrivateKey

	err = Database.UpdateUser(
		user.ID.String(),
		&user,
	)
	if err != nil {
		http.Error(w, "Error", http.StatusInternalServerError)
		return
	}

	w.WriteHeader(http.StatusOK)
}