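using Microsoft.AspNetCore.Mvc;
using Microsoft.IdentityModel.Tokens;
using Security;
using System.IdentityModel.Tokens.Jwt;
using System.Security.Claims;
using System.Text;
using System.Web;

namespace IntegradorBE.Controllers
{
    /// <summary>
    /// Issues signed JWTs and exposes the project's <see cref="Encripter"/> helper over HTTP.
    /// </summary>
    /// <remarks>
    /// NOTE(review): no <c>[Authorize]</c> attribute is visible on this controller or its actions.
    /// Unless a global or fallback authorization policy is configured elsewhere, every action
    /// here can be reached without authentication. Confirm against the application's startup code.
    /// </remarks>
    [ApiController]
    [Route("[controller]")]
    public class AuthController : ControllerBase
    {
        // One Encripter instance is shared by every request.
        // NOTE(review): presumably Encripter is safe for concurrent use; verify.
        private static readonly Encripter _encript = new();

        /// <summary>
        /// Builds a JWT carrying the caller's IP address and a fixed "externo" permission claim,
        /// signs it with HMAC-SHA256 and returns it wrapped by <c>Encripter.Cypher</c>.
        /// </summary>
        /// <returns>
        /// 200 with <c>{ token }</c> on success; 400 when the encrypter is not valid or an
        /// exception is thrown; 401 when no client IP could be determined.
        /// </returns>
        /// <remarks>
        /// NOTE(review): this action takes no credentials; the only precondition visible here is
        /// that an IP string can be resolved. The issued token is valid for 20 days and no
        /// revocation path is visible in this file.
        /// </remarks>
        [HttpPost("Login")]
        public IActionResult Login()
        {
            try
            {
                var ip = "";
                if (HttpContext?.Connection?.RemoteIpAddress != null)
                {
                    ip = HttpContext.Connection.RemoteIpAddress.ToString();
                }

                // NOTE(review): this fallback reads an HTTP request header named REMOTE_ADDR, which
                // the client controls unless a trusted proxy overwrites it. The value ends up in the
                // signed "IP" claim, so it should not be relied on as a verified address.
                if (string.IsNullOrWhiteSpace(ip))
                {
                    ip = HttpContext?.Request.Headers["REMOTE_ADDR"];
                }

                if (!_encript.IsValid)
                {
                    return BadRequest("Lectura inválida");
                }

                if (string.IsNullOrWhiteSpace(ip))
                {
                    return Unauthorized("Acceso no autorizado.");
                }

                // The signing key should come from a secure environment variable.
                // NOTE(review): it is read from the static Encripter.HashKey; confirm where that
                // value is loaded from and that it is long enough for HMAC-SHA256.
                var secretKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(Encripter.HashKey));
                var signingCredentials = new SigningCredentials(secretKey, SecurityAlgorithms.HmacSha256);

                // The element type was missing from the list initializer; a claims list is what
                // ClaimsIdentity expects here.
                ClaimsIdentity claims = new ClaimsIdentity(new List<Claim>
                {
                    new Claim("IP", ip),
                    new Claim("permisos", _encript.EncryptHashTkn("externo") + "::-1")
                });

                var securityTokenDescriptor = new SecurityTokenDescriptor
                {
                    Subject = claims,
                    // Token lifetimes are expressed in UTC; use UtcNow rather than local time.
                    Expires = DateTime.UtcNow.AddDays(20),
                    SigningCredentials = signingCredentials
                };

                var jwtSecurityTokenHandler = new JwtSecurityTokenHandler();
                var securityToken = jwtSecurityTokenHandler.CreateToken(securityTokenDescriptor);
                var token = jwtSecurityTokenHandler.WriteToken(securityToken);

                return Ok(new { token = Encripter.Cypher(token) });
            }
            catch (Exception e)
            {
                // NOTE(review): the raw exception message is returned to the caller. Errors from the
                // token library can describe key or configuration details; prefer logging the
                // exception server-side and returning a generic message.
                return BadRequest(e.Message);
            }
        }

        /// <summary>
        /// Encrypts <paramref name="text"/> with the password routine when <paramref name="tipo"/>
        /// is 0, otherwise with the hash/token routine.
        /// </summary>
        /// <param name="text">Value to encrypt, bound from the request (query string on a GET).</param>
        /// <param name="tipo">0 selects <c>EncryptPwd</c>; any other value selects <c>EncryptHashTkn</c>.</param>
        /// <returns>200 with the encrypted value, or 400 when the encrypter is not valid.</returns>
        /// <remarks>
        /// NOTE(review): <c>EncryptHashTkn</c> is the same routine that protects the "permisos" claim
        /// in <see cref="Login"/>. Exposing it for arbitrary input should be restricted to
        /// authorized callers or removed from production builds.
        /// </remarks>
        [HttpGet("Encriptar")]
        public IActionResult Encriptar(string text, int tipo)
        {
            if (!_encript.IsValid)
            {
                return BadRequest("Lectura inválida");
            }

            if (tipo == 0)
            {
                return Ok(_encript.EncryptPwd(text));
            }

            return Ok(_encript.EncryptHashTkn(text));
        }

        /// <summary>
        /// Decrypts <paramref name="text"/> with the password routine when <paramref name="tipo"/>
        /// is 0, otherwise with the hash/token routine.
        /// </summary>
        /// <param name="text">Value to decrypt, bound from the request (query string on a GET).</param>
        /// <param name="tipo">0 selects <c>DecryptPwd</c>; any other value selects <c>DecryptHashTkn</c>.</param>
        /// <returns>200 with the decrypted value, or 400 when the encrypter is not valid.</returns>
        /// <remarks>
        /// NOTE(review): this returns plaintext for any ciphertext supplied, including values
        /// handled by the password routine. Because it is a GET, the input also lands in URLs and
        /// therefore in access logs and browser history. Restrict it to authorized callers or
        /// remove it from production builds.
        /// </remarks>
        [HttpGet("Desencriptar")]
        public IActionResult Desencriptar(string text, int tipo)
        {
            if (!_encript.IsValid)
            {
                return BadRequest("Lectura inválida");
            }

            if (tipo == 0)
            {
                return Ok(_encript.DecryptPwd(text));
            }

            return Ok(_encript.DecryptHashTkn(text));
        }
    }

    /// <summary>
    /// Request model with two optional string fields.
    /// </summary>
    /// <remarks>
    /// Not referenced by any action visible in this file; <see cref="AuthController.Login"/>
    /// takes no body. Presumably the fields hold an e-mail address and a password; verify
    /// against callers.
    /// </remarks>
    public class LoginModel
    {
        public string? TX_CORREO_USUMS { get; set; }

        public string? TX_PASSWORD_USUMS { get; set; }
    }
}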