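using API.DTO.Base;
using API.DTO.Login;
using API.Services.Interfaces;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using System.Security.Claims;

namespace API.Controllers
{
    /// <summary>
    /// Cookie-based login endpoint: validates credentials through <see cref="IUserManager"/>
    /// and, on success, signs the caller in under the cookie authentication scheme.
    /// </summary>
    [ApiController]
    [Route("api/v1/[controller]")]
    public class AuthController : ControllerBase
    {
        // NOTE(review): the non-generic ILogger is not registered by the default DI container;
        // ILogger<AuthController> is what is normally resolved — confirm the registration.
        private readonly ILogger _logger;
        private readonly IUserManager _userManager;

        public AuthController(ILogger logger, IUserManager userManager)
        {
            _logger = logger;
            _userManager = userManager;
        }

        /// <summary>
        /// Authenticates the posted credentials and, on success, issues the authentication cookie.
        /// </summary>
        /// <param name="userLogin">Credentials posted by the client; model validation (400 on a
        /// malformed body) is handled by <c>[ApiController]</c> before this runs.</param>
        /// <returns>200 with the authenticated user's DTO, or 401 when authentication fails.</returns>
        [HttpPost("login")]
        public async Task<ActionResult> login(UserLoginDTO userLogin)
        {
            UserDTO? user = _userManager.AuthenticateUser(userLogin);
            if (user is null)
            {
                // Deliberately generic: no username or password goes into the log, but the
                // failed attempt is still recorded so repeated failures can be monitored.
                _logger.LogWarning("Failed login attempt");
                return Unauthorized();
            }

            // Only the user id is placed in the principal; everything else is looked up later.
            Claim[] claims = { new Claim(ClaimTypes.NameIdentifier, user.id.ToString()) };
            ClaimsIdentity claimsIdentity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

            // Default properties: IsPersistent is false, so this is a session cookie;
            // expiry and sliding behaviour come from the cookie scheme's registered options.
            AuthenticationProperties authProperties = new AuthenticationProperties();

            // Awaited (the original fired this without awaiting): a failure inside SignInAsync
            // must surface as an error instead of an unobserved task while a 200 is returned.
            await HttpContext.SignInAsync(
                CookieAuthenticationDefaults.AuthenticationScheme,
                new ClaimsPrincipal(claimsIdentity),
                authProperties);

            // NOTE(review): the whole UserDTO is echoed back; confirm it carries no credential
            // material (password hashes, secrets) before it goes on the wire.
            return Ok(user);
        }
    }
}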