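// Package helpers holds the cookie-session plumbing shared by the HTTP
// handlers: the session store, the inactivity timeout and the middleware
// that enforces it.
package helpers

import (
	"encoding/gob"
	"log"
	"net/http"
	"time"

	"github.com/gorilla/sessions"
)

// store is the process-wide cookie session store.
//
// NOTE(security): the key below is compiled into the source. Anyone who can
// read the repository or the binary can mint session cookies the server will
// accept, including ones carrying an arbitrary "user_id". Load the key from
// deployment configuration or a secret manager, and rotate it once it has
// been moved out of the source. With only one key passed to NewCookieStore,
// cookies are authenticated but not encrypted, so session values are readable
// by the client.
// ToDo make key global
var store = sessions.NewCookieStore([]byte("super-secret-key"))

// SessionTimeout is the maximum idle time before a session is treated as
// expired by IsSessionExpired.
const SessionTimeout = 30 * time.Minute

func init() {
	// Cookie attributes applied to sessions created by the store: one-day
	// lifetime, not readable from scripts, HTTPS only, never sent cross-site.
	store.Options = &sessions.Options{
		Path:     "/",
		MaxAge:   86400 * 1,
		HttpOnly: true,
		Secure:   true,
		SameSite: http.SameSiteStrictMode,
	}

	// session.Values is an interface-valued map serialised with gob; a
	// concrete type stored in it has to be registered or Save fails and
	// "last_activity" is never persisted, which would silently disable the
	// inactivity timeout. Registering the same type again is harmless.
	gob.Register(time.Time{})
}

// GetSession returns the session named "session-name" for the request.
// The ResponseWriter is accepted for call-site symmetry and is not used.
func GetSession(w http.ResponseWriter, r *http.Request) (*sessions.Session, error) {
	return store.Get(r, "session-name")
}

// IsSessionExpired reports whether the session's "last_activity" timestamp is
// older than SessionTimeout.
//
// A session with no "last_activity" value, or one that is not a time.Time, is
// reported as NOT expired. Callers must not read a false result as proof that
// the session is authenticated.
func IsSessionExpired(session *sessions.Session) bool {
	last, ok := session.Values["last_activity"].(time.Time)
	if !ok {
		return false
	}
	return time.Since(last) > SessionTimeout
}

// UpdateSessionActivity stamps the session with the current time and writes
// it back to the response. A failed save is logged rather than dropped,
// because an unsaved timestamp means the idle timeout is measured from an
// older request.
func UpdateSessionActivity(session *sessions.Session, r *http.Request, w http.ResponseWriter) {
	session.Values["last_activity"] = time.Now()
	if err := session.Save(r, w); err != nil {
		log.Printf("session: saving last_activity failed: %v", err)
	}
}

// AuthMiddleware wraps next with the inactivity check: an expired session is
// emptied and the client is redirected to /login with a flash message;
// otherwise the activity timestamp is refreshed and next runs.
//
// NOTE(review): this middleware checks expiry only. It does not verify that
// "user_id" is present, so a request with no session or an unreadable cookie
// still reaches next. Confirm the wrapped handlers call GetCurrentUserID
// themselves.
func AuthMiddleware(next http.HandlerFunc) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		session, err := GetSession(w, r)
		if session == nil {
			// Nothing to inspect; fail closed instead of dereferencing nil.
			log.Printf("session: load failed: %v", err)
			http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError)
			return
		}
		if err != nil {
			// The store handed back a usable session despite the error
			// (typically an undecodable cookie); record it and carry on.
			log.Printf("session: cookie rejected, continuing with returned session: %v", err)
		}

		if IsSessionExpired(session) {
			// Reuse the session already loaded for this request: asking the
			// store again within the same request is expected to return this
			// same object (gorilla/sessions keeps a per-request registry), so
			// marking it deleted and then "re-creating" it would delete the
			// flash message together with the old cookie. Wiping the values
			// drops the stale identity; the single Save overwrites the
			// browser's cookie with a flash-only session.
			for k := range session.Values {
				delete(session.Values, k)
			}
			session.Values["flash"] = "Your session has timed out."
			if err := session.Save(r, w); err != nil {
				log.Printf("session: saving timeout notice failed: %v", err)
			}
			http.Redirect(w, r, "/login", http.StatusSeeOther)
			return
		}

		UpdateSessionActivity(session, r, w)
		next(w, r)
	}
}

// GetCurrentUserID returns the "user_id" stored in the request's session.
// The boolean is false when the session cannot be loaded or holds no int
// under that key.
func GetCurrentUserID(r *http.Request) (int, bool) {
	session, err := GetSession(nil, r)
	if err != nil {
		return 0, false
	}
	id, ok := session.Values["user_id"].(int)
	return id, ok
}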