package serve

import (
	"context"
	"fmt"
	"github.com/google/uuid"
	"github.com/loveuer/nf"
	"github.com/loveuer/nf/nft/log"
	"net/http"
	"uauth/internal/tool"
)

func authenticateUser(username, password string) (bool, error) {
	// 这里你应该实现真实的用户认证逻辑
	// 为了简化，我们这里直接硬编码一个用户名和密码
	if username == "user" && password == "pass" {
		return true, nil
	}

	return false, fmt.Errorf("invalid username or password")
}

// 处理登录请求
func handleLogin(c *nf.Ctx) error {
	username := c.FormValue("username")
	password := c.FormValue("password")

	// 认证用户
	ok, err := authenticateUser(username, password)
	if err != nil || !ok {
		return c.Status(http.StatusUnauthorized).SendString("Unauthorized")
	}

	// 用户认证成功，重定向到授权页面
	http.Redirect(c.Writer, c.Request, "/authorize?client_id=12345&response_type=code&redirect_uri=http%3A%2F%2Flocalhost%3A8080%2Fcallback&scope=read%20write", http.StatusFound)

	return nil
}

// 处理授权请求
func handleAuthorize(c *nf.Ctx) error {
	// 解析查询参数
	clientID := c.Query("client_id")
	responseType := c.Query("response_type")
	redirectURI := c.Query("redirect_uri")
	scope := c.Query("scope")

	// 检查客户端 ID 和其他参数
	// 在实际应用中，你需要检查这些参数是否合法
	if clientID != "12345" || responseType != "code" || redirectURI != "http://localhost:8080/callback" {
		return c.Status(http.StatusBadRequest).SendString("Invalid request")
	}

	// 显示授权页面给用户
	_, err := c.Write([]byte(`
        <html>
        <head><title>Authorization</title></head>
        <body>
            <h1>Do you want to authorize this application?</h1>
            <form action="/approve" method="post">
                <input type="hidden" name="client_id" value="` + clientID + `"/>
                <input type="hidden" name="redirect_uri" value="` + redirectURI + `"/>
                <input type="hidden" name="scope" value="` + scope + `"/>
                <button type="submit">Yes, I authorize</button>
            </form>
        </body>
        </html>
    `))

	return err
}

// 处理用户的授权批准
func handleApprove(c *nf.Ctx) error {
	// 获取表单数据
	clientID := c.FormValue("client_id")
	redirectURI := c.FormValue("redirect_uri")
	scope := c.FormValue("scope")

	// 生成授权码
	authorizationCode := uuid.New().String()[:8]

	log.Info("[D] client_id = %s, scope = %s, auth_code = %s", clientID, scope, authorizationCode)

	// 重定向到回调 URL 并附带授权码
	http.Redirect(c.Writer, c.Request, redirectURI+"?code="+authorizationCode, http.StatusFound)
	return nil
}

// 令牌请求的处理
func handleToken(c *nf.Ctx) error {
	// 获取请求参数
	grantType := c.FormValue("grant_type")
	code := c.FormValue("code")
	redirectURI := c.FormValue("redirect_uri")

	// 简单验证
	if grantType != "authorization_code" {
		return c.Status(http.StatusBadRequest).SendString("Unsupported grant type")
	}

	mu.Lock()
	defer mu.Unlock()

	// 验证授权码是否有效
	accessToken, ok := authCodes[code]
	if !ok {
		return c.Status(http.StatusBadRequest).SendString("Invalid authorization code")
	}

	// 生成访问令牌
	token := generateAccessToken()

	// 返回访问令牌
	return c.JSON(map[string]string{
		"access_token": token,
		"token_type":   "bearer",
		"expires_in":   "3600", // 访问令牌有效期（秒）
	})

	// 清除已使用的授权码
	delete(authCodes, code)
}

func Run(ctx context.Context, prefix string, address string) error {

	app := nf.New()

	api := app.Group(prefix)
	// 设置路由
	api.Get("/login", handleLogin)
	api.Get("/authorize", handleAuthorize)
	api.Post("/approve", handleApprove)
	api.Post("/token", handleToken)

	// 启动 HTTP 服务器
	log.Info("Starting server on: %s", address)
	go func() {
		<-ctx.Done()
		_ = app.Shutdown(tool.Timeout(2))
	}()

	return app.Run(address)
}