namespace IOL.GreatOffice.Api.Endpoints.Internal.Account;

public class DeleteAccountRoute : RouteBaseAsync.WithoutRequest.WithActionResult
{
    private readonly MainAppDatabase _database;
    private readonly UserService _userService;

    public DeleteAccountRoute(MainAppDatabase database, UserService userService) {
        _database = database;
        _userService = userService;
    }

    /// <summary>
    /// Delete the logged on user's account.
    /// </summary>
    /// <param name="cancellationToken"></param>
    /// <returns></returns>
    [HttpDelete("~/_/account/delete")]
    public override async Task<ActionResult> HandleAsync(CancellationToken cancellationToken = default) {
        var user = _database.Users.SingleOrDefault(c => c.Id == LoggedInUser.Id);
        if (user == default) {
            await _userService.LogOutUser(HttpContext);
            return Unauthorized();
        }

        if (user.Username == "demo@demo.demo") {
            await _userService.LogOutUser(HttpContext);
            return Ok();
        }

        var passwordResets = _database.ForgotPasswordRequests.Where(c => c.UserId == user.Id);

        _database.ForgotPasswordRequests.RemoveRange(passwordResets);
        _database.Users.Remove(user);

        await _database.SaveChangesAsync(cancellationToken);
        await _userService.LogOutUser(HttpContext);
        return Ok();
    }
}