Goit

// Copyright (C) 2023, Jakob Wakeling

// All rights reserved.

package user

import (

	"bytes"

	"fmt"

	"html/template"

	"log"

	"net/http"

	"slices"

	"github.com/Jamozed/Goit/src/goit"

	"github.com/gorilla/csrf"

)

func HandleEdit(w http.ResponseWriter, r *http.Request) {

	auth, user, err := goit.Auth(w, r, true)

	if err != nil {

		log.Println("[admin]", err.Error())

		goit.HttpError(w, http.StatusInternalServerError)

	}

	if !auth {

		goit.HttpError(w, http.StatusUnauthorized)

		return

	}

	data := struct {

		Title, MessageA, MessageB string

		Form struct{ Id, Name, FullName string }

		CsrfField template.HTML

	}{

		Title: "User - Edit",

		CsrfField: csrf.TemplateField(r),

	}

	data.Form.Id = fmt.Sprint(user.Id)

	data.Form.Name = user.Name

	data.Form.FullName = user.FullName

	if r.Method == http.MethodPost {

		if r.FormValue("submit") == "Update" {

			data.Form.Name = r.FormValue("username")

			data.Form.FullName = r.FormValue("fullname")

			if data.Form.Name == "" {

				data.MessageA = "Username cannot be empty"

			} else if slices.Contains(goit.Reserved, data.Form.Name) && user.Id != 0 || !goit.IsLegal(data.Form.Name) {

				data.MessageA = "Username \"" + data.Form.Name + "\" is illegal"

			} else if exists, err := goit.UserExists(data.Form.Name); err != nil {

				log.Println("[/user/edit]", err.Error())

				goit.HttpError(w, http.StatusInternalServerError)

				return

			} else if exists && data.Form.Name != user.Name {

				data.MessageA = "Username \"" + data.Form.Name + "\" is taken"

			} else if err := goit.UpdateUser(user.Id, goit.User{

				Name: data.Form.Name, FullName: data.Form.FullName, IsAdmin: user.IsAdmin,

			}); err != nil {

				log.Println("[/user/edit]", err.Error())

				goit.HttpError(w, http.StatusInternalServerError)

				return

			} else {

				http.Redirect(w, r, "/user/edit?m=a", http.StatusFound)

				return

			}

		} else if r.FormValue("submit") == "Update Password" {

			password := r.FormValue("password")

			newPassword := r.FormValue("new_password")

			confirmPassword := r.FormValue("confirm_password")

			if password == "" {

				data.MessageB = "Current Password cannot be empty"

			} else if newPassword == "" {

				data.MessageB = "New Password cannot be empty"

			} else if confirmPassword == "" {

				data.MessageB = "Confirm New Password cannot be empty"

			} else if newPassword != confirmPassword {

				data.MessageB = "New Password and Confirm Password do not match"

			} else if !bytes.Equal(goit.Hash(password, user.Salt), user.Pass) {

				data.MessageB = "Password incorrect"

			} else if err := goit.UpdatePassword(user.Id, newPassword); err != nil {

				log.Println("[/user/edit]", err.Error())

				goit.HttpError(w, http.StatusInternalServerError)

				return

			} else {

				http.Redirect(w, r, "/user/edit?m=b", http.StatusFound)

				return

			}

		} else {

			data.MessageA = "Invalid submit value"

		}

	}

	switch r.FormValue("m") {

	case "a":

		data.MessageA = "User updated successfully"

	case "b":

		data.MessageB = "Password updated successfully"

	}

	if err := goit.Tmpl.ExecuteTemplate(w, "user/edit", data); err != nil {

		log.Println("[/user/edit]", err.Error())

	}

}