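#include "server/auth.h"
#include "server/response.h"
#include "server/util.h"
#include "db/auth.h"
#include "jwt/jwt.h"
/* NOTE(review): the names of the five library headers were lost when this
 * file was extracted (bare "#include" lines). The three below are the ones
 * the identifiers in this file require: free()/strcmp() from libc and the
 * mg_* form-parsing API from civetweb. Confirm against the original tree. */
#include "civetweb.h"
#include <stdlib.h>
#include <string.h>

/* Fields collected from the POST body of a delete-account request.
 * Both strings are heap-allocated by field_get() and owned by the form;
 * release them with delete_form_dtor(). */
typedef struct {
    char* token;    /* JWT presented by the caller */
    char* user_id;  /* optional: id of the account to delete (if not the caller's own) */
} delete_form_t;

/* Release both strings and reset them so a second call is harmless. */
static void delete_form_dtor(delete_form_t* form) {
    free(form->token);   /* free(NULL) is a no-op; no guard needed */
    form->token = NULL;
    free(form->user_id);
    form->user_id = NULL;
}

/* civetweb field_found callback: every field, known or not, is handed to
 * field_get() by value (the handler never stores uploads to disk). */
static int field_found(const char* key, const char* filename, char* path, size_t pathlen,
                       void* user_data) {
    (void)key;
    (void)filename;
    (void)path;
    (void)pathlen;
    (void)user_data;
    return MG_FORM_FIELD_HANDLE_GET;
}

/* civetweb field_get callback: copies "token" and "user_id" into the form.
 * Any other field is ignored. Parsing is aborted as soon as both fields are
 * present, so the rest of the body is never read.
 * NOTE(review): assumes each field value arrives in a single call; if
 * civetweb delivers a long value in chunks, only the last chunk is kept —
 * confirm against the civetweb version in use. */
static int field_get(const char* key, const char* value, size_t valuelen, void* user_data) {
    delete_form_t* form = (delete_form_t*)user_data;
    if (strcmp(key, "token") == 0) {
        free(form->token);    /* a repeated field previously leaked the first copy */
        form->token = kqm_strndup(value, valuelen);
    } else if (strcmp(key, "user_id") == 0) {
        free(form->user_id);
        form->user_id = kqm_strndup(value, valuelen);
    }
    if (form->token && form->user_id) {
        return MG_FORM_FIELD_HANDLE_ABORT;
    }
    return MG_FORM_FIELD_HANDLE_GET;
}

/* Send the success or failure response for a delete_user() result
 * (non-zero means the deletion succeeded, matching the db/auth convention
 * used elsewhere in this file). */
static void report_delete(mg_connection* conn, int deleted) {
    if (!deleted) {
        res_delete_account_fail(conn);
    } else {
        res_delete_account(conn);
    }
}

/* HTTP handler: delete a user account.
 *
 * Expects a POST form with "token" (required) and "user_id" (optional).
 * The identity of the caller is taken from the verified JWT payload, never
 * from the form. Without "user_id", or with a "user_id" equal to the
 * caller's own id, the caller's own account is deleted. With a different
 * "user_id", both permission levels are looked up and the deletion is only
 * performed when the caller's level compares strictly lower than the
 * target's (the ordering the original code used; a lower value is
 * presumably "more privileged" — confirm against db/auth).
 *
 * Always returns 1 (request handled) and always sends exactly one response.
 * Fix: a failed get_user_permission() previously sent an error response and
 * then fell through, comparing an uninitialized int and possibly deleting
 * the account and sending a second response. It now stops there.
 */
int user_delete_handler(mg_connection* conn, void* cbdata) {
    (void)cbdata;

    const mg_request_info* post_body = mg_get_request_info(conn);
    if (post_body == NULL) {
        res_null_req(conn);
        return 1;
    }
    if (strcmp(post_body->request_method, "POST") != 0) {
        res_must_post(conn);
        return 1;
    }

    delete_form_t form = {NULL, NULL};
    mg_form_data_handler delete_callback = {
        .field_found = field_found,
        .field_get = field_get,
        .field_store = NULL,
        .user_data = &form,
    };
    mg_handle_form_request(conn, &delete_callback);

    char* user_id = NULL;  /* caller id from the JWT payload; heap-owned here */

    if (!form.token) {
        res_need_token(conn);
        goto out;
    }
    /* `secret` is not defined in this file; it is expected from jwt/jwt.h or
     * server/auth.h. */
    if (!verify_token(form.token, secret)) {
        res_unauth(conn);
        goto out;
    }
    user_id = get_payload(form.token);
    if (!user_id) {
        res_permission_denied(conn);
        goto out;
    }

    if (form.user_id && strcmp(user_id, form.user_id) != 0) {
        /* Deleting someone else's account: both lookups must succeed
         * before any comparison is made. */
        int own_perm = 0;
        if (!get_user_permission(user_id, &own_perm)) {
            res_check_permission_fail(conn);
            goto out;
        }
        int target_perm = 0;
        if (!get_user_permission(form.user_id, &target_perm)) {
            res_check_permission_fail(conn);
            goto out;
        }
        if (own_perm < target_perm) {
            report_delete(conn, delete_user(form.user_id));
        } else {
            res_permission_denied(conn);
        }
    } else {
        /* Self-deletion: the id comes from the verified token. */
        report_delete(conn, delete_user(user_id));
    }

out:
    free(user_id);
    delete_form_dtor(&form);
    return 1;
}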