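namespace IOL.GreatOffice.Api.Endpoints.Internal.Account;

/// <summary>
/// Anonymous endpoint that checks a username/password pair and, on success,
/// hands the matching user to <see cref="UserService"/> to be logged in.
/// </summary>
/// <remarks>
/// NOTE(review): the generic arguments below are written out from the handler's
/// own signature and return statements; confirm they match the
/// <c>RouteBaseAsync</c> declaration.
/// NOTE(review): nothing in this handler throttles repeated attempts. As the
/// route is <c>[AllowAnonymous]</c>, confirm that rate limiting or lockout is
/// enforced elsewhere (middleware, reverse proxy or <see cref="UserService"/>).
/// </remarks>
public class LoginRoute : RouteBaseAsync
    .WithRequest<LoginPayload>
    .WithActionResult
{
    private readonly AppDbContext _context;
    private readonly UserService _userService;

    /// <summary>
    /// Creates the route with the database context used for the user lookup and
    /// the service that performs the actual log-in.
    /// </summary>
    /// <param name="context">Database context exposing the <c>Users</c> set.</param>
    /// <param name="userService">Service whose <c>LogInUser</c> is called after a successful check.</param>
    public LoginRoute(AppDbContext context, UserService userService)
    {
        _context = context;
        _userService = userService;
    }

    /// <summary>
    /// Login a user.
    /// </summary>
    /// <param name="request">Payload carrying <c>Username</c>, <c>Password</c> and the <c>Persist</c> flag.</param>
    /// <param name="cancellationToken">
    /// Part of the route contract; it is not forwarded to the user lookup or to
    /// <c>LogInUser</c> in this handler.
    /// </param>
    /// <returns>
    /// 400 with the model state when validation fails, 400 with a generic
    /// <c>ErrorResult</c> when the credentials are rejected, otherwise 200.
    /// </returns>
    [AllowAnonymous]
    [HttpPost("~/_/account/login")]
    public override async Task<ActionResult> HandleAsync(LoginPayload request, CancellationToken cancellationToken = default)
    {
        if (!ModelState.IsValid)
        {
            return BadRequest(ModelState);
        }

        // SingleOrDefault throws if more than one row matches, so this relies on
        // Username being unique - presumably enforced by a unique index; verify.
        // NOTE(review): the lookup is synchronous inside an async handler and
        // cannot observe cancellationToken. Whether the comparison is
        // case-sensitive presumably depends on the database collation - confirm.
        var user = _context.Users.SingleOrDefault(u => u.Username == request.Username);

        // Unknown user and wrong password deliberately share one message, so the
        // response body does not reveal which usernames exist.
        // NOTE(review): VerifyPassword only runs when a user was found, so response
        // time may still differ between existing and non-existing usernames.
        // Consider verifying against a fixed dummy hash when the lookup misses.
        if (user is null || !user.VerifyPassword(request.Password))
        {
            return BadRequest(new ErrorResult("Invalid username or password"));
        }

        // Persist is client-controlled and passed straight through; presumably it
        // selects a persistent session - verify the resulting lifetime is bounded.
        await _userService.LogInUser(HttpContext, user, request.Persist);
        return Ok();
    }
}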