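package server

import (
	"encoding/json"
	"net/http"
	"time"
)

// adminLoginRequest is the JSON body accepted by AdminLoginHandler.
type adminLoginRequest struct {
	Username string `json:"username"`
	Password string `json:"password"`
}

// adminLoginResponse is the JSON body returned on a successful login.
type adminLoginResponse struct {
	Token     string `json:"token"`
	ExpiresAt string `json:"expires_at"` // RFC 3339 timestamp in UTC
}

// AdminLoginHandler handles POST /v1/auth/login.
//
// It decodes a JSON body with "username" and "password", passes both to
// loginClient.Login, and on success responds 200 with the token and its
// expiry time. A malformed body or an empty field yields 400; any error
// from Login yields 401.
//
// The handler does not check the HTTP method and applies no rate limiting
// or lockout itself; NOTE(review): presumably the router and loginClient
// (or a middleware) are responsible for those — confirm.
func AdminLoginHandler(loginClient LoginClient) http.HandlerFunc {
	// Upper bound on the request body. This endpoint is reachable before
	// authentication, so an unbounded body would let any caller make the
	// decoder buffer arbitrary amounts of data. A credentials object is far
	// smaller than this.
	const maxLoginBodyBytes = 1 << 20

	return func(w http.ResponseWriter, r *http.Request) {
		// Reads past the limit fail, which surfaces below as a decode error.
		r.Body = http.MaxBytesReader(w, r.Body, maxLoginBodyBytes)

		var req adminLoginRequest
		if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
			writeAdminError(w, http.StatusBadRequest, "invalid request body")
			return
		}

		if req.Username == "" || req.Password == "" {
			writeAdminError(w, http.StatusBadRequest, "username and password required")
			return
		}

		token, expiresIn, err := loginClient.Login(req.Username, req.Password)
		if err != nil {
			// Every Login error gets the same generic message, so the
			// response does not distinguish an unknown user from a wrong
			// password. The underlying error is deliberately not echoed.
			writeAdminError(w, http.StatusUnauthorized, "authentication failed")
			return
		}

		// expiresIn is treated as a lifetime in seconds from now.
		expiresAt := time.Now().UTC().Add(time.Duration(expiresIn) * time.Second).Format(time.RFC3339)

		// The body carries a bearer credential; keep it out of shared and
		// browser caches.
		w.Header().Set("Cache-Control", "no-store")
		writeJSON(w, http.StatusOK, adminLoginResponse{
			Token:     token,
			ExpiresAt: expiresAt,
		})
	}
}

// AdminLogoutHandler handles POST /v1/auth/logout.
//
// It always responds 204 No Content and performs no server-side action.
// NOTE(review): because nothing is invalidated here, a token that has
// leaked presumably stays usable until it expires; short token lifetimes
// are the only mitigation visible from this file — confirm against MCIAS.
func AdminLogoutHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		// MCIAS token revocation is not currently supported.
		// The client should discard the token.
		w.WriteHeader(http.StatusNoContent)
	}
}

// AdminHealthHandler handles GET /v1/health.
//
// It responds 200 with a static {"status":"ok"} body and inspects nothing
// about the request or the service's dependencies.
func AdminHealthHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, _ *http.Request) {
		writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
	}
}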