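import router from "../router.mjs";
import sql from "../sql.mjs";
import tpl from "../tpl.mjs";
import lib from "../lib.mjs";
import util from "util";
import crypto from "crypto";
import cfg from "../../../config.json";

const scrypt = util.promisify(crypto.scrypt);

// Stored password hash layout: "$f0ck$<hex salt>:<hex key>". The prefix is 6 characters.
const HASH_PREFIX = "$f0ck$";
const SALT_BYTES = 16;
const KEY_BYTES = 64;

// One message for both "no such user" and "wrong password" so the response body
// does not reveal which accounts exist. (Response timing still differs between the
// two cases, because scrypt only runs when the user row exists.)
const LOGIN_FAILED = "user doesn't exist or wrong password";

// Attributes shared by the session cookie when it is set and when it is cleared.
// HttpOnly keeps the value away from page scripts; SameSite=Lax keeps it out of
// cross-site POSTs. Add "Secure" once the site is served over TLS (cfg is imported
// but nothing in this file reads it, so the TLS setting is not known here).
const SESSION_COOKIE_ATTRS = "Path=/; HttpOnly; SameSite=Lax";

/**
 * Hash a password with scrypt and a fresh random salt.
 * @param {string} str - plaintext password
 * @returns {Promise<string>} "$f0ck$<salt>:<key>", both parts hex-encoded
 */
const hash = async (str) => {
  const salt = crypto.randomBytes(SALT_BYTES).toString("hex");
  const derivedKey = await scrypt(str, salt, KEY_BYTES);
  return `${HASH_PREFIX}${salt}:${derivedKey.toString("hex")}`;
};

/**
 * Check a plaintext password against a stored hash produced by hash().
 * Resolves to false instead of throwing on a malformed stored value, so a corrupt
 * database row fails the login rather than crashing the handler.
 * @param {string} str - plaintext password
 * @param {string} hash - stored "$f0ck$<salt>:<key>" string
 * @returns {Promise<boolean>} true only if the derived key matches exactly
 */
const verify = async (str, hash) => {
  if (typeof hash !== "string" || !hash.startsWith(HASH_PREFIX)) return false;
  const [salt, key, ...extra] = hash.substring(HASH_PREFIX.length).split(":");
  if (!salt || !key || extra.length > 0) return false;
  const keyBuffer = Buffer.from(key, "hex"); // invalid hex yields a short buffer, caught below
  const derivedKey = await scrypt(str, salt, KEY_BYTES);
  // timingSafeEqual throws on a length mismatch; a wrong-length stored key is just a non-match.
  if (keyBuffer.length !== derivedKey.length) return false;
  return crypto.timingSafeEqual(keyBuffer, derivedKey);
};

/**
 * Build a session identifier: 128 bits from the CSPRNG plus a base-24 timestamp.
 * The timestamp only adds uniqueness; all secrecy comes from the random part.
 * @returns {string}
 */
const createID = () => crypto.randomBytes(16).toString("hex") + Date.now().toString(24);

// GET /login — render the login form, or a short notice if a session cookie is already present.
router.get(/^\/login(\/)?$/, async (req, res) => {
  if (req.cookies?.session) {
    // Echoes the caller's own session record back to them; harmless for the owner,
    // but it does expose internal column names. Consider replacing with a redirect.
    return res.reply({ body: `du bist schon eingeloggt lol\n${util.inspect(req.session)}\n` });
  }
  res.reply({ body: tpl.render("views/login", {}, req) });
});

// POST /login — validate credentials, create a session row and set the session cookie.
router.post(/^\/login(\/)?$/, async (req, res) => {
  const { username, password } = req.post ?? {};
  // A missing or non-string field used to throw (TypeError from .toLowerCase / scrypt)
  // and reject the handler's promise; treat it as an ordinary failed login instead.
  if (typeof username !== "string" || typeof password !== "string") {
    return res.reply({ body: LOGIN_FAILED });
  }

  const user = await sql("user").where("login", username.toLowerCase()).limit(1);
  if (user.length === 0 || !(await verify(password, user[0].password))) {
    return res.reply({ body: LOGIN_FAILED });
  }

  const stamp = Date.now() / 1e3; // seconds, fractional — assumed to match created_at/last_used
  // The cookie carries `session`; the table stores md5(session), so a leaked
  // user_sessions row does not by itself yield a usable cookie value.
  const session = lib.md5(createID());
  await sql("user_sessions").insert({
    user_id: user[0].id,
    session: lib.md5(session),
    browser: req.headers["user-agent"],
    created_at: stamp,
    last_used: stamp,
  });

  return res
    .writeHead(301, {
      "Cache-Control": "no-cache, public",
      "Set-Cookie": `session=${session}; ${SESSION_COOKIE_ATTRS}`,
      "Location": "/",
    })
    .end();
});

// GET /logout — delete the current session row and expire the cookie.
// NOTE(review): a state-changing GET is reachable from any cross-site link; a POST
// with the same handler would be the conventional shape.
router.get(/^\/logout$/, async (req, res) => {
  if (!req.session) return res.redirect("/");

  const usersession = await sql("user_sessions").where("id", req.session.sess_id);
  if (usersession.length === 0) return res.reply({ body: "nope 2" });

  await sql("user_sessions").where("id", req.session.sess_id).del();
  return res
    .writeHead(301, {
      "Cache-Control": "no-cache, public",
      "Set-Cookie": `session=; ${SESSION_COOKIE_ATTRS}; expires=Thu, 01 Jan 1970 00:00:00 GMT`,
      "Location": "/login",
    })
    .end();
});

// GET /login/pwdgen — in this copy the body is a single newline; the form markup
// presumably existed and was lost when the file was extracted (unverified).
router.get(/^\/login\/pwdgen$/, async (req, res) => {
  res.reply({ body: "\n" });
});

// POST /login/pwdgen — return the stored-hash form of a submitted password.
// NOTE(review): this route is unauthenticated and each call runs scrypt; it is a
// cheap way for anyone to burn server CPU. Consider gating it on req.session.
router.post(/^\/login\/pwdgen$/, async (req, res) => {
  const pwd = req.post?.pwd;
  // hash(undefined) would reject the handler's promise; answer with an explicit message instead.
  if (typeof pwd !== "string") return res.reply({ body: "missing pwd" });
  res.reply({ body: await hash(pwd) });
});

// GET /login/test — debug route.
// FIXME(security): unauthenticated and dumps the caller's entire request object
// (headers, cookies, resolved session) back to the client. Remove or restrict
// before this is deployed anywhere reachable.
router.get(/^\/login\/test$/, async (req, res) => {
  res.reply({ body: `\n${util.inspect(req)}\n` });
});

// GET /admin — render the admin view; anonymous callers are sent to "/".
router.get(/^\/admin(\/)?$/, async (req, res) => {
  if (!req.session) return res.redirect("/");
  res.reply({ body: tpl.render("views/admin", {}, req) });
});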