package middleware

import (
	"log"
	"net/http"
	"time"

	session "synlotto-website/internal/handlers/session"

	"synlotto-website/internal/platform/constants"
)

func SessionTimeout(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		sess, err := session.GetSession(w, r)
		if err != nil {
			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
			return
		}

		last, ok := sess.Values["last_activity"].(time.Time)
		if !ok || time.Since(last) > constants.SessionDuration {
			sess.Options.MaxAge = -1
			_ = sess.Save(r, w)

			newSession, _ := session.GetSession(w, r)
			newSession.Values["flash"] = "Your session has timed out."
			_ = newSession.Save(r, w)

			log.Printf("Session timeout triggered")
			http.Redirect(w, r, "/account/login", http.StatusSeeOther)
			return
		}

		sess.Values["last_activity"] = time.Now().UTC()
		_ = sess.Save(r, w)

		next(w, r)
	}
}