package main

import (
	"fmt"
	"net/http"
	"time"

	"github.com/dgrijalva/jwt-go"
	"gopkg.in/gin-gonic/gin.v1"
)

const (
	expiration = 72
	secret     = "uditapbzuditagscwxuqdflgzpbu´ßiaefnlmzeßtrubiadern"
)

func main() {
	router := gin.Default()

	router.LoadHTMLGlob("./templates/*")
	// Middleware
	//e.Use(middleware.Logger())
	//e.Use(middleware.Recover())
	//e.Use(middleware.Static("static"))

	router.GET("/login.html", login)
	a := router.Group("/api/v1")
	{
		a.GET("/login", func(c *gin.Context) {
			c.Redirect(http.StatusPermanentRedirect, "/login.html")
		})
		a.POST("/login", loginPost)

		// Unauthenticated routes
		a.GET("/check", func(c *gin.Context) {
			c.String(http.StatusOK, "Accessible")
		})
		a.GET("/hello", func(c *gin.Context) {
			c.String(http.StatusOK, "Hello, World!")
		})
	}

	// Restricted group
	r := a.Group("/restricted")
	{
		//r.Use(middleware.JWT([]byte(secret)))
		r.GET("", restricted)
	}

	router.Run(":1323")
}

func restricted(c *gin.Context) {
	//user, _ := c.Get("user") //.(*jwt.Token)
	//name := user.Claims["name"].(string)
	name := "jan"
	c.String(http.StatusOK, "Welcome "+name+"!")
}

func login(c *gin.Context) {
	if verifyLogin(c) {
		c.Redirect(http.StatusTemporaryRedirect, "/api/v1/hello")
		return
	}

	c.HTML(http.StatusOK, "login.html", nil)
}

func verifyLogin(c *gin.Context) bool {
	tokenString, err := c.Cookie("authentication")
	if err != nil {
		return false
	}

	token, err := jwt.Parse(tokenString, func(token *jwt.Token) (interface{}, error) {
		if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
			return nil, fmt.Errorf("Unexpected signing method: %v", token.Header["alg"])
		}
		return []byte(secret), nil
	})

	if !verifyToken(token, err) {
		c.SetCookie("authentication", "", -1, "", "", false, false)
		return false
	}

	return true
}

func verifyToken(c *gin.Context, token jwt.Token, err error) bool {
	if err != nil {
		return false
	}

	claims, ok := token.Claims.(jwt.MapClaims)
	if !ok || !token.Valid {
		return false
	}

	if !claims.VerifyExpiresAt(time.Now().Unix(), true) {
		return false
	}

	return true
}

func loginPost(c *gin.Context) {
	username, _ := c.GetPostForm("username")
	password, _ := c.GetPostForm("password")

	if username != "jan" || password != "passwort" {
		c.AbortWithStatus(http.StatusUnauthorized)
		return
	}

	// Create token
	token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
		"usr":  "jan",
		"name": "Jan Bader",
		"exp":  time.Now().Add(time.Hour * expiration).Unix(),
	})

	// Generate encoded token and send it as response.
	t, err := token.SignedString([]byte(secret))
	if err != nil {
		c.AbortWithStatus(http.StatusUnauthorized)
	}

	maxAge := (int)((expiration * time.Hour).Seconds())
	c.SetCookie("authentication", t, maxAge, "", "", false, true)

	c.JSON(http.StatusOK, map[string]string{
		"token": t,
	})
	return

}