package auth

import (
	"net/http"

	"code.secondbit.org/uuid"
)

const getGrantTemplateName = "get_grant"

// GetGrantHandler presents and processes the page for asking a user to grant access
// to their data. See RFC 6749, Section 4.1.
func GetGrantHandler(w http.ResponseWriter, r *http.Request, context Context) {
	if r.URL.Query().Get("client_id") == "" {
		w.WriteHeader(http.StatusBadRequest)
		context.Render(w, getGrantTemplateName, map[string]interface{}{
			"error": "Client ID must be specified in the request.",
		})
		return
	}
	clientID, err := uuid.Parse(r.URL.Query().Get("client_id"))
	if err != nil {
		w.WriteHeader(http.StatusBadRequest)
		context.Render(w, getGrantTemplateName, map[string]interface{}{
			"error": "client_id is not a valid Client ID.",
		})
		return
	}
	client, err := context.GetClient(clientID)
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		context.Render(w, getGrantTemplateName, map[string]interface{}{
			"internal_error": err,
		})
		return
	}
	// whether a redirect URI is valid or not depends on the number of endpoints
	// the client has registered
	numEndpoints, err := context.CountEndpoints(clientID)
	if err != nil {
		w.WriteHeader(http.StatusInternalServerError)
		context.Render(w, getGrantTemplateName, map[string]interface{}{
			"internal_error": err,
		})
		return
	}
	redirectURI := r.URL.Query().Get("redirect_uri")
	var validURI bool
	if redirectURI != "" {
		// BUG(paddy): We really should normalize URIs before trying to compare them.
		validURI, err = context.CheckEndpoint(clientID, redirectURI)
		if err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			context.Render(w, getGrantTemplateName, map[string]interface{}{
				"internal_error": err,
			})
			return
		}
	} else if redirectURI == "" && numEndpoints == 1 {
		// if we don't specify the endpoint and there's only one endpoint, the
		// request is valid, and we're redirecting to that one endpoint
		validURI = true
		endpoints, err := context.ListEndpoints(clientID, 1, 0)
		if err != nil {
			w.WriteHeader(http.StatusInternalServerError)
			context.Render(w, getGrantTemplateName, map[string]interface{}{
				"internal_error": err,
			})
			return
		}
		if len(endpoints) != 1 {
			validURI = false
		} else {
			redirectURI = endpoints[0].URI.String()
		}
	} else {
		validURI = false
	}
	if !validURI {
		w.WriteHeader(http.StatusBadRequest)
		context.Render(w, getGrantTemplateName, map[string]interface{}{
			"error": "The redirect_uri specified is not valid.",
		})
		return
	}
	if r.URL.Query().Get("response_type") != "code" {
		// TODO: redirect error
	}
	//scope := r.URL.Query().Get("scope")
	//state := r.URL.Query().Get("state")
	if r.Method == "POST" {
		// TODO: CSRF protection
		if r.PostFormValue("grant") == "approved" {
			// TODO: redirect
		} else {
			// TODO: redirect error
		}
	}
	w.WriteHeader(http.StatusOK)
	context.Render(w, getGrantTemplateName, map[string]interface{}{
		"client": client,
	})
}