namespace IOL.GreatOffice.Api.Endpoints.Internal.Account;

public class LoginRoute : RouteBaseAsync.WithRequest<LoginPayload>.WithActionResult
{
    private readonly MainAppDatabase _database;
    private readonly UserService _userService;

    public LoginRoute(MainAppDatabase database, UserService userService) {
        _database = database;
        _userService = userService;
    }

    /// <summary>
    /// Login a user.
    /// </summary>
    /// <param name="request"></param>
    /// <param name="cancellationToken"></param>
    /// <returns></returns>
    [AllowAnonymous]
    [HttpPost("~/_/account/login")]
    public override async Task<ActionResult> HandleAsync(LoginPayload request, CancellationToken cancellationToken = default) {
        if (!ModelState.IsValid) {
            return BadRequest(ModelState);
        }

        var user = _database.Users.SingleOrDefault(u => u.Username == request.Username);
        if (user == default || !user.VerifyPassword(request.Password)) {
            return BadRequest(new KnownProblemModel("Invalid username or password"));
        }

        await _userService.LogInUser(HttpContext, user, request.Persist);
        return Ok();
    }
}