package web

import (
	"log"
	"net/http"

	"code.lila.network/adoralaura/go-urlsh/internal/constants"
	"code.lila.network/adoralaura/go-urlsh/internal/db"
	"code.lila.network/adoralaura/go-urlsh/internal/misc"
	"github.com/gofiber/fiber/v2"
)

// HandleAdminAccountMFARemove is a DELETE endpoint that handles the deletion
// of the logged in users MFA configuration.
//
// Returns HTTP 401 if no valid user cookie, HTTP 400 if no MFA is configured for the user,
// HTTP 500 if a DB error happened or HTTP 204 if the deletion request succeeded.
func HandleAdminAccountMFARemove(c *fiber.Ctx) error {

	if !db.IsCookieValid(c.Cookies(constants.LoginCookieName, "")) {
		c.Status(http.StatusUnauthorized)
		return nil
	}

	user, err := db.GetUserFromCookie(c.Cookies(constants.LoginCookieName))
	if err != nil {
		log.Println(err)
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}

	hasMfa, err := db.UserHasMFA(user)
	if err != nil {
		log.Println(err)
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}

	if !hasMfa {
		return misc.New400Error()
	}

	err = db.RemoveMFAFromDB(user)
	if err != nil {
		log.Println(err)
		return fiber.NewError(fiber.StatusInternalServerError, "500 Internal Server Error")
	}

	c.Status(fiber.StatusNoContent)
	return nil
}