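using ApiSoftway.Models;
using ApiSoftway.Models.Gesa_DbContext;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.IdentityModel.Tokens;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;

namespace ApiSoftway.Controllers
{
    /// <summary>
    /// Authenticates personnel records from the GESA_PERSONALE database and
    /// issues a signed JWT for a successful login.
    /// </summary>
    [Route("api/[controller]")]
    [ApiController]
    public class LoginController : ControllerBase
    {
        // NOTE(review): generic type arguments (ILogger<...>, Task<ActionResult<...>>, List<Claim>)
        // were lost in the extracted listing and are restored here — confirm against the original source.
        private readonly ILogger<LoginController> _logger;
        private readonly GESA_PERSONALE_DbContext _personale_context;
        private readonly IConfiguration? _configuration;

        public LoginController(ILogger<LoginController> logger, GESA_PERSONALE_DbContext personale_context, IConfiguration? configuration)
        {
            _logger = logger;
            _personale_context = personale_context;
            _configuration = configuration;
        }

        /// <summary>
        /// Login iniziale: checks the posted credentials against the Personale table and,
        /// on a match, returns a JWT together with the user's code, role and description.
        /// </summary>
        /// <param name="model">Username and password posted by the client.</param>
        /// <returns>
        /// 200 with a <see cref="Login_out"/> carrying the token on success; 200 with an error body
        /// when a credential is empty (kept as-is for client compatibility); 404 when no record matches;
        /// 500 with a generic error body on unexpected failure.
        /// </returns>
        [HttpPost("loginPersonale")]
        public async Task<ActionResult<Login_out>> loginPersonale([FromBody] Login model)
        {
            Login_out o = new Login_out();
            try
            {
                if (string.IsNullOrEmpty(model.Username) || string.IsNullOrEmpty(model.Password))
                {
                    o.err_detail = "Username e Password non possono essere vuoti.";
                    o.err_title = "Username e Password non possono essere vuoti.";
                    o.err_status_code = "200";
                    return StatusCode(StatusCodes.Status200OK, o);
                }

                // NOTE(review): the password is matched verbatim against Tcpwd, i.e. credentials are
                // stored and compared in clear text. Moving to a salted hash (PBKDF2/Argon2) needs a
                // schema/data migration and is out of scope here. Whether the match is case-sensitive
                // depends on the database collation, not on this code.
                var user = await _personale_context.Personale
                    .Where(t => t.Tcuser != null && t.Tcuser.Equals(model.Username)
                             && t.Tcpwd != null && t.Tcpwd.Equals(model.Password))
                    .FirstOrDefaultAsync();

                if (user is null)
                {
                    o.err_detail = "Username o Password non trovati.";
                    o.err_title = "Username o Password non trovati.";
                    o.err_status_code = "404";
                    return StatusCode(StatusCodes.Status404NotFound, o);
                }

                // A missing configuration or signing secret previously surfaced as a NullReference /
                // ArgumentNullException inside Encoding.GetBytes; fail explicitly so the misconfiguration
                // is recognisable in the logs.
                var config = _configuration
                    ?? throw new InvalidOperationException("IConfiguration was not provided; JWT settings cannot be read.");
                string? secret = config["JWT:Secret"];
                if (string.IsNullOrEmpty(secret))
                {
                    throw new InvalidOperationException("JWT:Secret is not configured.");
                }

                // The query above guarantees Tcuser equals the submitted username, so the fallback
                // only satisfies the compiler. Claim(...) throws on a null value, hence the
                // empty-string fallback for the optional record fields.
                string tcuser = user.Tcuser ?? model.Username;
                var authClaims = new List<Claim>
                {
                    new Claim(ClaimTypes.Name, tcuser),
                    new Claim(JwtRegisteredClaimNames.Jti, Guid.NewGuid().ToString()),
                    new Claim("user", tcuser),
                    new Claim("codice", user.Catcodice ?? string.Empty),
                    new Claim("nome", user.Catnome ?? string.Empty),
                };

                var authSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(secret));

                // NOTE(review): a three-month lifetime with no refresh or revocation path is long for a
                // bearer token; kept as the existing contract. The expiry is computed in UTC because
                // the exp claim is a UTC epoch value.
                var token = new JwtSecurityToken(
                    issuer: config["JWT:ValidIssuer"],
                    audience: config["JWT:ValidAudience"],
                    expires: DateTime.UtcNow.AddMonths(3),
                    claims: authClaims,
                    signingCredentials: new SigningCredentials(authSigningKey, SecurityAlgorithms.HmacSha256)
                );

                o.Tok = new JwtSecurityTokenHandler().WriteToken(token);
                o.Tccodice = user.Catcodice;
                o.Tcruolo = user.Tcruolo;
                o.Tcdescri = user.Catnome;
                return StatusCode(StatusCodes.Status200OK, o);
            }
            catch (Exception ex)
            {
                // Log the full exception server-side; the client receives a generic message so that
                // internal details (provider errors, table names, configuration) are not disclosed.
                _logger.LogError(ex, "Errore durante loginPersonale.");
                string err = "Errore interno durante il login.";
                o.err_detail = err;
                o.err_title = err;
                o.err_status_code = "500"; // previously "200" while the HTTP status was 500
                return StatusCode(StatusCodes.Status500InternalServerError, o);
            }
        }
    }
}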