<?php namespace MapGuesser\Controller;

use DateInterval;
use DateTime;
use SokoWeb\Http\Request;
use SokoWeb\Interfaces\Request\IRequest;
use SokoWeb\Interfaces\Response\IContent;
use SokoWeb\Interfaces\Response\IRedirect;
use SokoWeb\Mailing\Mail;
use SokoWeb\OAuth\GoogleOAuth;
use MapGuesser\PersistentData\Model\User;
use MapGuesser\PersistentData\Model\UserConfirmation;
use MapGuesser\PersistentData\Model\UserPasswordResetter;
use SokoWeb\PersistentData\PersistentDataManager;
use MapGuesser\Repository\UserConfirmationRepository;
use MapGuesser\Repository\UserPasswordResetterRepository;
use MapGuesser\Repository\UserPlayedPlaceRepository;
use MapGuesser\Repository\UserRepository;
use SokoWeb\Response\HtmlContent;
use SokoWeb\Response\JsonContent;
use SokoWeb\Response\Redirect;
use SokoWeb\Util\CaptchaValidator;
use SokoWeb\Util\JwtParser;

class LoginController
{
    private IRequest $request;

    private PersistentDataManager $pdm;

    private UserRepository $userRepository;

    private UserConfirmationRepository $userConfirmationRepository;

    private UserPasswordResetterRepository $userPasswordResetterRepository;

    private UserPlayedPlaceRepository $userPlayedPlaceRepository;

    private string $redirectUrl;

    public function __construct(IRequest $request)
    {
        $this->request = $request;
        $this->pdm = new PersistentDataManager();
        $this->userRepository = new UserRepository();
        $this->userConfirmationRepository = new UserConfirmationRepository();
        $this->userPasswordResetterRepository = new UserPasswordResetterRepository();
        $this->userPlayedPlaceRepository = new UserPlayedPlaceRepository();
        $this->redirectUrl = $this->request->session()->has('redirect_after_login') ?
            $this->request->session()->get('redirect_after_login') :
            \Container::$routeCollection->getRoute('index')->generateLink();
    }

    public function getLoginForm()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        return new HtmlContent('login/login', ['redirectUrl' => $this->redirectUrl]);
    }

    public function getGoogleLoginRedirect(): IRedirect
    {
        $state = bin2hex(random_bytes(16));
        $nonce = bin2hex(random_bytes(16));

        $this->request->session()->set('oauth_state', $state);
        $this->request->session()->set('oauth_nonce', $nonce);

        $oAuth = new GoogleOAuth(new Request());
        $url = $oAuth->getDialogUrl(
            $state,
            $this->request->getBase() . \Container::$routeCollection->getRoute('login-google-action')->generateLink(),
            $nonce
        );

        return new Redirect($url, IRedirect::TEMPORARY);
    }

    public function getSignupForm()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        if ($this->request->session()->has('tmp_user_data')) {
            $tmpUserData = $this->request->session()->get('tmp_user_data');

            $data = ['email' => $tmpUserData['email']];
        } else {
            $data = [];
        }

        return new HtmlContent('login/signup', $data);
    }

    public function getSignupSuccess(): IContent
    {
        return new HtmlContent('login/signup_success');
    }

    public function getSignupWithGoogleForm()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        if (!$this->request->session()->has('google_user_data')) {
            return new Redirect(\Container::$routeCollection->getRoute('login-google')->generateLink(), IRedirect::TEMPORARY);
        }

        $userData = $this->request->session()->get('google_user_data');

        $user = $this->userRepository->getByEmail($userData['email']);

        return new HtmlContent('login/google_signup', ['found' => $user !== null, 'email' => $userData['email'], 'redirectUrl' => $this->redirectUrl]);
    }

    public function getRequestPasswordResetForm()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        return new HtmlContent('login/password_reset_request', ['email' => $this->request->query('email')]);
    }

    public function getRequestPasswordResetSuccess(): IContent
    {
        return new HtmlContent('login/password_reset_request_success');
    }

    public function getResetPasswordForm()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        $token = $this->request->query('token');
        $resetter = $this->userPasswordResetterRepository->getByToken($token);

        if ($resetter === null || $resetter->getExpiresDate() < new DateTime()) {
            return new HtmlContent('login/reset_password', ['success' => false]);
        }

        $user = $this->userRepository->getById($resetter->getUserId());

        return new HtmlContent('login/reset_password', ['success' => true, 'token' => $token, 'email' => $user->getEmail(), 'redirectUrl' => $this->redirectUrl]);
    }

    public function login(): IContent
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new JsonContent(['success' => true]);
        }

        $user = $this->userRepository->getByEmail($this->request->post('email'));

        if ($user === null) {
            if (strlen($this->request->post('password')) < 6) {
                return new JsonContent([
                    'error' => [
                        'errorText' => 'The given password is too short. Please choose a password that is at least 6 characters long!'
                    ]
                ]);
            }

            $tmpUser = new User();
            $tmpUser->setPlainPassword($this->request->post('password'));

            $this->request->session()->set('tmp_user_data', [
                'email' => $this->request->post('email'),
                'password_hashed' => $tmpUser->getPassword()
            ]);

            return new JsonContent([
                'redirect' => [
                    'target' => \Container::$routeCollection->getRoute('signup')->generateLink()
                ]
            ]);
        }

        if (!$user->getActive()) {
            $this->resendConfirmationEmail($user);

            return new JsonContent([
                'error' => [
                    'errorText' => 'User found with the given email address, but the account is not activated. ' .
                        'Please check your email and click on the activation link!'
                ]
            ]);
        }

        if (!$user->checkPassword($this->request->post('password'))) {
            return new JsonContent([
                'error' => [
                    'errorText' => 'The given password is wrong. You can <a href="/password/requestReset?email=' .
                        urlencode($user->getEmail()) . '" title="Request password reset">request password reset</a>!'
                ]
            ]);
        }

        $this->request->setUser($user);

        $this->deleteRedirectUrl();
        return new JsonContent(['success' => true]);
    }

    public function loginWithGoogle()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        if ($this->request->query('state') !== $this->request->session()->get('oauth_state')) {
            return new HtmlContent('login/google_login');
        }

        $oAuth = new GoogleOAuth(new Request());
        $tokenData = $oAuth->getToken(
            $this->request->query('code'),
            $this->request->getBase() . \Container::$routeCollection->getRoute('login-google-action')->generateLink()
        );

        if (!isset($tokenData['id_token'])) {
            return new HtmlContent('login/google_login');
        }

        $jwtParser = new JwtParser($tokenData['id_token']);
        $idToken = $jwtParser->getPayload();

        if ($idToken['nonce'] !== $this->request->session()->get('oauth_nonce')) {
            return new HtmlContent('login/google_login');
        }

        if (!$idToken['email_verified']) {
            return new HtmlContent('login/google_login');
        }

        $user = $this->userRepository->getByGoogleSub($idToken['sub']);

        if ($user === null) {
            $this->request->session()->set('google_user_data', ['sub' => $idToken['sub'], 'email' => $idToken['email']]);

            return new Redirect(\Container::$routeCollection->getRoute('signup-google')->generateLink(), IRedirect::TEMPORARY);
        }

        $this->request->setUser($user);

        $this->deleteRedirectUrl();
        return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
    }

    public function logout(): IRedirect
    {
        $this->request->setUser(null);

        return new Redirect(\Container::$routeCollection->getRoute('index')->generateLink(), IRedirect::TEMPORARY);
    }

    public function signup(): IContent
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new JsonContent(['redirect' => ['target' => $this->redirectUrl]]);
        }

        $user = $this->userRepository->getByEmail($this->request->post('email'));

        if ($user !== null) {
            if ($user->getActive()) {
                if (!$user->checkPassword($this->request->post('password'))) {
                    return new JsonContent([
                        'error' => [
                            'errorText' => 'There is a user already registered with the given email address, ' .
                                'but the given password is wrong. You can <a href="/password/requestReset?email=' .
                                urlencode($user->getEmail()) . '" title="Request password reset">request password reset</a>!'
                        ]
                    ]);
                }

                $this->request->setUser($user);

                $this->deleteRedirectUrl();
                $data = ['redirect' => ['target' => $this->redirectUrl]];
            } else {
                $data = [
                    'error' => [
                        'errorText' => 'There is a user already registered with the given email address. ' .
                            'Please check your email and click on the activation link!'
                    ]
                ];
            }
            return new JsonContent($data);
        }

        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
            if (!$this->request->post('g-recaptcha-response')) {
                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
            }

            $captchaValidator = new CaptchaValidator();
            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
            if (!$captchaResponse['success']) {
                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
            }
        }

        if (filter_var($this->request->post('email'), FILTER_VALIDATE_EMAIL) === false) {
            return new JsonContent(['error' => ['errorText' => 'The given email address is not valid.']]);
        }

        if ($this->request->session()->has('tmp_user_data')) {
            $tmpUserData = $this->request->session()->get('tmp_user_data');

            $tmpUser = new User();
            $tmpUser->setPassword($tmpUserData['password_hashed']);

            if (!$tmpUser->checkPassword($this->request->post('password'))) {
                return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]);
            }
        } else {
            if (strlen($this->request->post('password')) < 6) {
                return new JsonContent([
                    'error' => [
                        'errorText' => 'The given password is too short. Please choose a password that is at least 6 characters long!'
                    ]
                ]);
            }

            if ($this->request->post('password') !== $this->request->post('password_confirm')) {
                return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]);
            }
        }

        $user = new User();
        $user->setEmail($this->request->post('email'));
        $user->setPlainPassword($this->request->post('password'));
        $user->setCreatedDate(new DateTime());

        \Container::$dbConnection->startTransaction();

        $this->pdm->saveToDb($user);

        $token = bin2hex(random_bytes(16));

        $confirmation = new UserConfirmation();
        $confirmation->setUser($user);
        $confirmation->setToken($token);
        $confirmation->setLastSentDate(new DateTime());

        $this->pdm->saveToDb($confirmation);

        \Container::$dbConnection->commit();

        $this->sendConfirmationEmail($user->getEmail(), $token, $user->getCreatedDate());

        $this->request->session()->delete('tmp_user_data');

        return new JsonContent(['success' => true]);
    }

    public function signupWithGoogle(): IContent
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new JsonContent(['success' => true]);
        }

        $userData = $this->request->session()->get('google_user_data');

        $user = $this->userRepository->getByEmail($userData['email']);

        if ($user === null) {
            $sendWelcomeEmail = true;

            $user = new User();
            $user->setEmail($userData['email']);
            $user->setCreatedDate(new DateTime());
        } else {
            $sendWelcomeEmail = false;
        }

        $user->setActive(true);
        $user->setGoogleSub($userData['sub']);

        $this->pdm->saveToDb($user);

        if ($sendWelcomeEmail) {
            $this->sendWelcomeEmail($user->getEmail());
        }

        $this->request->session()->delete('google_user_data');
        $this->request->setUser($user);

        $this->deleteRedirectUrl();
        return new JsonContent(['success' => true]);
    }

    public function resetSignup(): IContent
    {
        $this->request->session()->delete('tmp_user_data');

        return new JsonContent(['success' => true]);
    }

    public function resetGoogleSignup(): IContent
    {
        $this->request->session()->delete('google_user_data');

        return new JsonContent(['success' => true]);
    }

    public function activate()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        $confirmation = $this->userConfirmationRepository->getByToken(substr($this->request->query('token'), 0, 32));

        if ($confirmation === null) {
            return new HtmlContent('login/activate');
        }

        \Container::$dbConnection->startTransaction();

        $this->pdm->deleteFromDb($confirmation);

        $user = $this->userRepository->getById($confirmation->getUserId());
        $user->setActive(true);

        $this->pdm->saveToDb($user);

        \Container::$dbConnection->commit();

        $this->request->setUser($user);

        $this->deleteRedirectUrl();
        return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
    }

    public function cancel()
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new Redirect($this->redirectUrl, IRedirect::TEMPORARY);
        }

        $confirmation = $this->userConfirmationRepository->getByToken(substr($this->request->query('token'), 0, 32));

        if ($confirmation === null) {
            return new HtmlContent('login/cancel', ['success' => false]);
        }

        \Container::$dbConnection->startTransaction();

        $this->pdm->deleteFromDb($confirmation);

        $user = $this->userRepository->getById($confirmation->getUserId());

        foreach ($this->userPlayedPlaceRepository->getAllByUser($user) as $userPlayedPlace) {
            $this->pdm->deleteFromDb($userPlayedPlace);
        }

        $this->pdm->deleteFromDb($user);

        \Container::$dbConnection->commit();

        return new HtmlContent('login/cancel', ['success' => true]);
    }

    public function requestPasswordReset(): IContent
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new JsonContent([
                'redirect' => [
                    'target' => $this->redirectUrl
                ]
            ]);
        }

        if (!empty($_ENV['RECAPTCHA_SITEKEY'])) {
            if (!$this->request->post('g-recaptcha-response')) {
                return new JsonContent(['error' => ['errorText' => 'Please check "I\'m not a robot" in the reCAPTCHA box!']]);
            }

            $captchaValidator = new CaptchaValidator();
            $captchaResponse = $captchaValidator->validate($this->request->post('g-recaptcha-response'));
            if (!$captchaResponse['success']) {
                return new JsonContent(['error' => ['errorText' => 'reCAPTCHA challenge failed. Please try again!']]);
            }
        }

        $user = $this->userRepository->getByEmail($this->request->post('email'));

        if ($user === null) {
            return new JsonContent([
                'error' => [
                    'errorText' => 'No user found with the given email address. You can <a href="/signup" title="Sign up">sign up</a>!'
                ]
            ]);
        }

        if (!$user->getActive()) {
            $this->resendConfirmationEmail($user);

            return new JsonContent([
                'error' => [
                    'errorText' => 'User found with the given email address, but the account is not activated. ' .
                        'Please check your email and click on the activation link!'
                ]
            ]);
        }

        $existingResetter = $this->userPasswordResetterRepository->getByUser($user);

        if ($existingResetter !== null && $existingResetter->getExpiresDate() > new DateTime()) {
            return new JsonContent([
                'error' => [
                    'errorText' => 'Password reset was recently requested for this account. Please check your email, or try again later!'
                ]
            ]);
        }

        $token = bin2hex(random_bytes(16));
        $expires = new DateTime('+1 hour');

        $passwordResetter = new UserPasswordResetter();
        $passwordResetter->setUser($user);
        $passwordResetter->setToken($token);
        $passwordResetter->setExpiresDate($expires);

        \Container::$dbConnection->startTransaction();

        if ($existingResetter !== null) {
            $this->pdm->deleteFromDb($existingResetter);
        }

        $this->pdm->saveToDb($passwordResetter);

        \Container::$dbConnection->commit();

        $this->sendPasswordResetEmail($user->getEmail(), $token, $expires);

        return new JsonContent(['success' => true]);
    }


    public function resetPassword(): IContent
    {
        if ($this->request->user() !== null) {
            $this->deleteRedirectUrl();
            return new JsonContent([
                'redirect' => [
                    'target' => $this->redirectUrl
                ]
            ]);
        }

        $token = $this->request->query('token');
        $resetter = $this->userPasswordResetterRepository->getByToken($token);

        if ($resetter === null || $resetter->getExpiresDate() < new DateTime()) {
            return new JsonContent([
                'redirect' => [
                    'target' => \Container::$routeCollection->getRoute('password-reset')->generateLink(['token' => $token])
                ]
            ]);
        }

        if (strlen($this->request->post('password')) < 6) {
            return new JsonContent([
                'error' => [
                    'errorText' => 'The given password is too short. Please choose a password that is at least 6 characters long!'
                ]
            ]);
        }

        if ($this->request->post('password') !== $this->request->post('password_confirm')) {
            return new JsonContent(['error' => ['errorText' => 'The given passwords do not match.']]);
        }

        \Container::$dbConnection->startTransaction();

        $this->pdm->deleteFromDb($resetter);

        $user = $this->userRepository->getById($resetter->getUserId());
        $user->setPlainPassword($this->request->post('password'));

        $this->pdm->saveToDb($user);

        \Container::$dbConnection->commit();

        $this->request->setUser($user);

        $this->deleteRedirectUrl();
        return new JsonContent(['success' => true]);
    }

    private function sendConfirmationEmail(string $email, string $token, DateTime $created): void
    {
        $mail = new Mail();
        $mail->addRecipient($email);
        $mail->setSubject('Welcome to ' . $_ENV['APP_NAME'] . ' - Activate your account');
        $mail->setBodyFromTemplate('signup', [
            'EMAIL' => $email,
            'ACTIVATE_LINK' => $this->request->getBase() .
                \Container::$routeCollection->getRoute('signup.activate')->generateLink(['token' => $token]),
            'CANCEL_LINK' => $this->request->getBase() .
                \Container::$routeCollection->getRoute('signup.cancel')->generateLink(['token' => $token]),
            'ACTIVATABLE_UNTIL' => (clone $created)->add(new DateInterval('P1D'))->format('Y-m-d H:i T')
        ]);
        $mail->send();
    }

    private function resendConfirmationEmail(User $user): bool
    {
        $confirmation = $this->userConfirmationRepository->getByUser($user);

        if ($confirmation === null || (clone $confirmation->getLastSentDate())->add(new DateInterval('PT1H')) > new DateTime()) {
            return false;
        }

        $confirmation->setLastSentDate(new DateTime());

        $this->pdm->saveToDb($confirmation);

        $this->sendConfirmationEmail($user->getEmail(), $confirmation->getToken(), $user->getCreatedDate());

        return true;
    }

    private function sendWelcomeEmail(string $email): void
    {
        $mail = new Mail();
        $mail->addRecipient($email);
        $mail->setSubject('Welcome to ' . $_ENV['APP_NAME']);
        $mail->setBodyFromTemplate('signup-noconfirm', [
            'EMAIL' => $email,
        ]);
        $mail->send();
    }

    private function sendPasswordResetEmail(string $email, string $token, DateTime $expires): void
    {
        $mail = new Mail();
        $mail->addRecipient($email);
        $mail->setSubject($_ENV['APP_NAME'] . ' - Password reset');
        $mail->setBodyFromTemplate('password-reset', [
            'EMAIL' => $email,
            'RESET_LINK' => $this->request->getBase() .
                \Container::$routeCollection->getRoute('password-reset')->generateLink(['token' => $token]),
            'EXPIRES' => $expires->format('Y-m-d H:i T')
        ]);
        $mail->send();
    }

    private function deleteRedirectUrl(): void
    {
        $this->request->session()->delete('redirect_after_login');
    }
}