namespace IOL.BookmarkThing.Server.Api.Internal.Account;

public class UpdatePasswordRoute : RouteBaseInternalSync.WithRequest<UpdatePasswordRequest>.WithActionResult
{
	private readonly AppDbContext _context;

	public UpdatePasswordRoute(AppDbContext context) {
		_context = context;
	}

	[ApiVersionNeutral]
	[ApiExplorerSettings(IgnoreApi = true)]
	[HttpPost("~/v{version:apiVersion}/account/update-password")]
	public override ActionResult Handle(UpdatePasswordRequest payload) {
		if (payload.NewPassword.IsNullOrWhiteSpace()) {
			return BadRequest(new ErrorResult("Invalid request",
											  "The new password field is required"));
		}

		if (payload.NewPassword.Length < 6) {
			return BadRequest(new ErrorResult("Invalid request",
											  "The new password must contain atleast 6 characters"));
		}

		var user = _context.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
		if (user == default) {
			HttpContext.SignOutAsync();
			return StatusCode(403);
		}

		user.HashAndSetPassword(payload.NewPassword);
		_context.SaveChanges();
		return Ok();
	}
}