package grpcserver

import (
	"context"
	"errors"

	mcdslauth "git.wntrmute.dev/kyle/mcdsl/auth"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"

	pb "git.wntrmute.dev/kyle/mcns/gen/mcns/v1"
)

type authService struct {
	pb.UnimplementedAuthServiceServer
	auth *mcdslauth.Authenticator
}

func (s *authService) Login(_ context.Context, req *pb.LoginRequest) (*pb.LoginResponse, error) {
	token, _, err := s.auth.Login(req.Username, req.Password, req.TotpCode)
	if err != nil {
		if errors.Is(err, mcdslauth.ErrInvalidCredentials) {
			return nil, status.Error(codes.Unauthenticated, "invalid credentials")
		}
		if errors.Is(err, mcdslauth.ErrForbidden) {
			return nil, status.Error(codes.PermissionDenied, "access denied by login policy")
		}
		return nil, status.Error(codes.Unavailable, "authentication service unavailable")
	}
	return &pb.LoginResponse{Token: token}, nil
}

func (s *authService) Logout(_ context.Context, req *pb.LogoutRequest) (*pb.LogoutResponse, error) {
	if err := s.auth.Logout(req.Token); err != nil {
		return nil, status.Error(codes.Internal, "logout failed")
	}
	return &pb.LogoutResponse{}, nil
}