<?php
namespace App\Controllers;

use Core\View;
use App\Models\Access;
use App\Models\ClientSession;
use Core\Token;
use Core\Session;
use Core\Redirect;
use Core\Hash;
use Core\XSS;
use Defuse\Crypto\Crypto;
use Defuse\Crypto\Key;

class Home
{

    /* Routes */
    public function index()
    {
        $posts = new Posts();
        $posts->index();
    }

    public function login($args = [])
    {

        // Login
        if ($args) {
            $logged_in = ['status' => false];

            // Avoid XSS
            $args['exclude'] = [
                'password'
            ];
            $args = XSS::avoid($args);

            $username = $args['username'];
            $password = $args['password'];

            $user = Access::showAll([
                ['username', '=', $username],
                ['flag', '=', 0]
            ]);

            if ($user == false) {
                $info = "Username/password salah";
                $logged_in['status'] = $info;
            } else {
                $hash = Hash::compare($password, $user['salt'], $user['password']);

                if ($hash == true) {
                    if ($user['flag'] != 0) {
                        $info = "User telah login";
                    } else {
                        if (Access::update(['flag' => 1], $user['id'])) {
                            $ip_address = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];

                            ClientSession::entry([
                                'ip_address' => $ip_address,
                                'uid' => $user['id']
                            ]);
                            $session = ClientSession::fetch(['uid' => $user['id']]);
                            setcookie('signal', $user['privilege']);

                            $info = "Berhasil masuk";
                            $logged_in['status'] = true;
                            $logged_in['redirect_to'] = '/?s='.$session['id']."&u=".$session['uid'];
                        }
                    }
                } else {
                    $info = "Username/password salah";
                    $logged_in['status'] = $info;
                }
            }
            if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
                echo json_encode($logged_in); die();
            }
            Session::flash('info', $info);
            Redirect::to('/');
            die();
        } else {
            View::render('Access/login.html', [
                'token' => Token::generate()
            ]);
        }
    }

    public function logout($id = '') {
        $logged_out = ['status' => false];
        try {
            if ($id) {
                $this->delete($id);
            } else {
                $this->delete();
            }

            session_destroy();
            header('X-Token: ');
            setcookie('signal', '', time()-3600);

            $info = "Berhasil keluar";
            $logged_out['status'] = true;
            $logged_out['redirect_to'] = '/';
        } catch (\Exception $e) {
            $logged_out['status'] = $e->getMessage();
        }

        if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
            echo json_encode($logged_out);die();
        }
        // Session::flash('info', $info);
        // Redirect::to('/');
    }

    public function register()
    {
        if (Session::exists('userid') && Session::get('privilege') == 1) {
            View::render('Access/registrasi.html', [
                'token' => Token::generate()
            ]);
        } else {
            throw new \Exception("Bad Request", 400);
        }
    }

    /* Methods */
    public function post($args = [])
    {
        $registered = [];
        foreach ($args as $value) {
            if ($value == '') {
                $info = 'Semua data harus diisi';
                $registered['status'] = 'false';
                $registered['message'] = $info;
                if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
                    echo json_encode($registered);die();
                }
                Session::flash('info', $info);
                Redirect::to('./register');
                die();
            }
        }

        $date = new \DateTime();
        $now = $date->format('Y-m-d');
        $args['registered_at'] = $now;

        $salt = Hash::salt();
        $password = Hash::make($args['password'], $salt);
        $args['salt'] = $salt;
        $args['password'] = $password;

        // Avoid XSS attack
        // Exclude password and salt
        $args['exclude'] = [
            'salt',
            'password'
        ];
        $args = XSS::avoid($args);

        $data = Access::showAll();
        foreach ($data as $users) {
            if (is_array($users)) {
                $known_uname = $users['username'];
            } else {
                $known_uname = $data['username'];
            }
            if ($args['username'] == $known_uname) {
                $info = 'Username telah digunakan. Silahkan gunakan username lain';
                $registered['status'] = false;
                $registered['message'] = $info;
                if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
                    echo json_encode($registered);die();
                }
                Session::flash('info', $info);
                Redirect::to('./register');
                die();
            }
        }

        Access::entry($args);
        if (isset($_SERVER['HTTP_CLIENT']) && $_SERVER['HTTP_CLIENT'] == 'api') {
            echo json_encode([
                'status' => true,
                'route_to' => ''
            ]);die();
        }
        Session::flash('info', 'Registrasi berhasil');
        Redirect::to('/');
        die();
    }

    public function delete($id = '')
    {
        if ($id) {
            $uid = $id;
        // } elseif (isset($_SERVER['HTTP_X_TOKEN'])) {
        //     $token = Token::fetch($_SERVER['HTTP_X_TOKEN']);
        //     if ($token == '') {
        //         throw new \Exception("Token invalid");
        //     }
        //     $uid = $token['uid'];
        } elseif (isset($_SERVER['HTTP_X_QUERY'])) {
            $query_string = $_SERVER['HTTP_X_QUERY'];
            $exploded = explode('&', $query_string);
            $uid = $exploded[1];
            $uid = explode('=', $uid);
            $uid = $uid[1];
        }

        $ip = isset($_SERVER['HTTP_X_FORWADED_FOR']) ? $_SERVER['HTTP_X_FORWADED_FOR'] : $_SERVER['REMOTE_ADDR'];

        ClientSession::remove($ip, $uid);
        Access::update(['flag' => 0], $uid);
        return true;
    }

    // Branch mithril test
    public function mithril() {
        if (Session::exists('userid')) {
            $user['id'] = Session::get('userid');
            $user['username'] = Session::get('username');
            $user['full_name'] = Session::get('full_name');
            $user['privilege'] = Session::get('privilege');
        } else {
            $user = false;
        }

        View::render('Data/mithril.html', [
            'user' => $user
        ]);
    }
}