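using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics.Eventing.Reader;
using System.Dynamic;
using System.IO;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Runtime.InteropServices.ObjectiveC;
using System.Security.Cryptography;
using System.Security.Policy;
using System.Text;
using System.Threading;
using System.Threading.Tasks;
using System.Web;
using Dapper;
using Dapper.Contrib.Extensions;
using Microsoft.AspNetCore.Cors;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using NPOI;
using NPOI.HPSF;
using NPOI.HSSF;
using NPOI.HSSF.UserModel;
using NPOI.POIFS;
using NPOI.SS.Formula.Functions;
using NPOI.Util;
using NPOI.XSSF;
using NPOI.XSSF.UserModel;
using static DbTableClass;
using static System.Net.WebRequestMethods;

namespace Journeys_WantHome.Controllers
{
    /// <summary>
    /// Back-end sign-in endpoint.
    /// Authenticates either the configured system administrator (<c>Admin:id</c> / <c>Admin:pwd</c>)
    /// or a row of the <c>users</c> table; non-local users are additionally verified against the
    /// <c>new_userdata</c> table in the Elab database. On success a <c>token</c> row is inserted and
    /// its key is returned to the browser in the <c>token_key</c> cookie.
    /// </summary>
    [Route("BackEndApi")]
    public class AuthApiController : ControllerBase, IDisposable
    {
        /// <summary>Token lifetime in minutes when "remember me" is not requested.</summary>
        private const int DefaultSessionMinutes = 20;

        /// <summary>Token lifetime in minutes when the form sends <c>remember=Y</c> (7 days).</summary>
        private const int RememberMeMinutes = 60 * 24 * 7;

        /// <summary>Name of the cookie that carries the issued token key.</summary>
        private const string TokenCookieName = "token_key";

        /// <summary>Content type of every response written by this controller.</summary>
        private const string JsonContentType = "application/json;charset=utf-8";

        private readonly IHttpContextAccessor _httpContextAccessor;

        // Kept from the original implementation; not used by the sign-in flow visible here.
        private readonly DbConn dbConn = new DbConn();

        // Main application database (users, token).
        private readonly SqlConnection conn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:SQLConnectionString"));

        // Elab database (new_userdata), consulted for non-local accounts.
        private readonly SqlConnection elabConn = new SqlConnection(GlobalClass.appsettings("ConnectionStrings:ElabConnectionString"));

        /// <summary>Creates the controller; the accessor is injected by the framework.</summary>
        /// <param name="httpContextAccessor">Accessor used to write the token cookie.</param>
        public AuthApiController(IHttpContextAccessor httpContextAccessor)
        {
            this._httpContextAccessor = httpContextAccessor;
        }

        /// <summary>
        /// Signs a user in from the posted form fields <c>id</c>, <c>pwd</c> and <c>remember</c>.
        /// </summary>
        /// <param name="obj">Posted form; missing keys read as empty strings.</param>
        /// <returns>
        /// JSON <see cref="signinResult"/>: <c>ret = "yes"</c> on success (token cookie set), otherwise
        /// <c>ret = "no"</c> with <c>err_code</c> 0001 (admin credentials), 0002 (unknown account),
        /// 0003 (account no longer on the job) or 0004 (wrong password).
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="obj"/> is null.</exception>
        // NOTE(review): the route carries no HTTP verb constraint. Credentials are read from the form
        // body, so confirm the caller always POSTs and then restrict the action with [HttpPost].
        [Route("signin")]
        public ActionResult Signin(FormCollection obj)
        {
            ArgumentNullException.ThrowIfNull(obj);

            string inputId = obj["id"].ToString();
            string inputPwd = obj["pwd"].ToString();
            string isRemember = obj["remember"].ToString();

            // The configured administrator account is checked before the users table.
            string sysId = GlobalClass.appsettings("Admin:id");
            if (inputId == sysId)
            {
                return SigninAsAdmin(inputPwd, isRemember);
            }

            return SigninAsWebUser(inputId, inputPwd, isRemember);
        }

        /// <summary>Verifies the system administrator password and issues a token.</summary>
        /// <param name="inputPwd">Password value from the form (compared with the SHA-256 of <c>Admin:pwd</c>).</param>
        /// <param name="isRemember">"Y" to extend the token lifetime.</param>
        private ActionResult SigninAsAdmin(string inputPwd, string isRemember)
        {
            // The client is expected to send the SHA-256 digest of the password; the digest scheme
            // (unsalted, as produced by GlobalClass.Sha256) is unchanged here.
            string sysPwd = GlobalClass.Sha256(GlobalClass.appsettings("Admin:pwd"));
            if (!SecureEquals(inputPwd, sysPwd))
            {
                return Fail("0001", "帳號或密碼錯誤!");
            }

            return IssueToken(GlobalClass.appsettings("Admin:id"), isRemember);
        }

        /// <summary>Looks the account up in <c>users</c>, verifies its password and issues a token.</summary>
        /// <param name="inputId">Login id (<c>user_uid</c>).</param>
        /// <param name="inputPwd">Password value from the form.</param>
        /// <param name="isRemember">"Y" to extend the token lifetime.</param>
        private ActionResult SigninAsWebUser(string inputId, string inputPwd, string isRemember)
        {
            user webUser = conn.QueryFirstOrDefault<user>(
                "select * from users where user_ishidden = 'N' and user_uid = @user_uid",
                new { user_uid = inputId });

            if (webUser is null)
            {
                return Fail("0002", "系統無此帳號!");
            }

            if (webUser.user_onjob == "N")
            {
                return Fail("0003", "此帳號已經離職,無法登入");
            }

            if (webUser.user_type == "Y")
            {
                // Locally managed account: the form value is compared with the stored user_pwd as-is.
                if (!SecureEquals(inputPwd, webUser.user_pwd))
                {
                    return Fail("0004", "密碼錯誤!");
                }
            }
            else
            {
                // Account mastered in the Elab database.
                new_userdata elabUser = elabConn.QueryFirstOrDefault<new_userdata>(
                    "select * from new_userdata where userid = @userid",
                    new { userid = webUser.user_id });

                // The original dereferenced the row without checking it; a missing Elab row now
                // yields the "unknown account" response instead of an unhandled exception.
                if (elabUser is null)
                {
                    return Fail("0002", "系統無此帳號!");
                }

                if (!SecureEquals(inputPwd, GlobalClass.Sha256(elabUser.userpw)))
                {
                    return Fail("0004", "密碼錯誤!");
                }

                // NOTE(review): onjob == 1 is treated as "no longer employed" and mirrored into the
                // local row (user_onjob = 'N') — confirm this matches the Elab schema's meaning.
                if (elabUser.onjob == 1)
                {
                    webUser.user_onjob = "N";
                    conn.Update(webUser);
                    return Fail("0003", "此帳號已經離職,無法登入");
                }
            }

            // Token issuance now runs for both account kinds. In the original it sat inside the
            // Elab branch, so a local (user_type == "Y") account with a correct password fell
            // through to an empty ret = "no" / err_code "0000" response and never received a token.
            return IssueToken(inputId, isRemember);
        }

        /// <summary>Stores a new <c>token</c> row for <paramref name="userUid"/> and sets the token cookie.</summary>
        /// <param name="userUid">Account the token belongs to.</param>
        /// <param name="isRemember">"Y" selects the 7-day lifetime, anything else the 20-minute one.</param>
        /// <returns>The JSON success response.</returns>
        private ActionResult IssueToken(string userUid, string isRemember)
        {
            int expireMinutes = isRemember == "Y" ? RememberMeMinutes : DefaultSessionMinutes;

            // NOTE(review): assumes CreateRandomCode draws from a cryptographic RNG — confirm, since
            // the value is the bearer credential for the session.
            string tokenKey = GlobalClass.CreateRandomCode(24);

            // Local time is kept to stay consistent with rows already written by the original code.
            DateTime now = DateTime.Now;

            token newToken = new token
            {
                user_uid = userUid,
                token_isremember = isRemember,
                token_key = tokenKey,
                token_createdate = now,
                token_expireddate = now.AddMinutes(expireMinutes),
            };
            conn.Insert(newToken);

            // NOTE(review): the cookie is Secure but not HttpOnly and has no explicit SameSite.
            // Set HttpOnly = true unless client-side script must read token_key — confirm with the front end.
            CookieOptions options = new CookieOptions
            {
                Secure = true,
                Expires = now.AddMinutes(expireMinutes),
            };

            // Delete then append, as in the original; both calls target the current response.
            HttpContext.Response.Cookies.Delete(TokenCookieName);
            _httpContextAccessor.HttpContext.Response.Cookies.Append(TokenCookieName, tokenKey, options);

            signinResult ret = new signinResult();
            ret.ret = "yes";
            return ToJson(ret);
        }

        /// <summary>Builds the JSON failure response for <paramref name="errCode"/>.</summary>
        private ActionResult Fail(string errCode, string message)
        {
            signinResult ret = new signinResult();
            ret.ret = "no";
            ret.err_code = errCode;
            ret.message = message;
            return ToJson(ret);
        }

        /// <summary>Serializes <paramref name="ret"/> with Newtonsoft.Json using the controller's content type.</summary>
        private ActionResult ToJson(signinResult ret)
        {
            return Content(JsonConvert.SerializeObject(ret), JsonContentType);
        }

        /// <summary>
        /// Compares two secrets in constant time so the comparison does not leak how many
        /// leading characters matched. Null on either side is a mismatch.
        /// </summary>
        private static bool SecureEquals(string expected, string actual)
        {
            if (expected is null || actual is null)
            {
                return false;
            }

            byte[] expectedBytes = Encoding.UTF8.GetBytes(expected);
            byte[] actualBytes = Encoding.UTF8.GetBytes(actual);
            return CryptographicOperations.FixedTimeEquals(expectedBytes, actualBytes);
        }

        /// <summary>
        /// Releases both database connections. The framework disposes controllers that implement
        /// <see cref="IDisposable"/> once the action has completed; the original left them to the GC.
        /// </summary>
        public void Dispose()
        {
            conn.Dispose();
            elabConn.Dispose();
            GC.SuppressFinalize(this);
        }

        /// <summary>
        /// Response body of <see cref="Signin"/>. Public fields are kept (rather than properties)
        /// so the serialized JSON shape stays exactly as before.
        /// </summary>
        public class signinResult
        {
            // "yes" on success, "no" otherwise.
            public string ret = "no";

            // "0000" means no specific error; see Signin for the other codes.
            public string err_code = "0000";

            // Human-readable message for the failure case; empty on success.
            public string message = "";
        }
    }
}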