'use server'

import { infer as zInfer } from 'zod'
import { LoginSchema } from '@/schemas'
import { signIn } from '@/config/auth'
import { DEFAULT_LOGIN_REDIRECT } from '@/config/routes'
import { AuthError } from 'next-auth'
import { getUserByEmail } from '@/data/user'
import { sendTwoFactorTokenEmail, sendVerificationEmail } from '@/actions/send-verification-email'
import { generateTwoFactorToken } from '@/lib/tokens'
import { deleteTwoFactorToken, getTwoFactorTokenByEmail } from '@/data/two-factor-token'
import {
  createTwoFactoComfirmation,
  deleteTwoFactoComfirmation,
  getTwoFactorConfirmationByUserId,
} from '@/data/two-factor-confirmation'
import journal from '@/actions/logger'

export const login = async (values: zInfer<typeof LoginSchema>) => {
  const validatedFields = LoginSchema.safeParse(values)

  if (!validatedFields.success) {
    return { error: 'auth.form.error.invalid_fields' }
  }

  const { email, password, code } = validatedFields.data

  const existingUser = await getUserByEmail(email)

  if (!existingUser || !existingUser.email || !existingUser.password) {
    return { error: 'auth.form.error.invalid_credentials' }
  }

  if (!existingUser.emailVerified) {
    return await sendVerificationEmail(existingUser.email, existingUser.name)
  }

  if (existingUser.isTwoFactorEnabled && existingUser.email) {
    if (code) {
      const twoFactorToken = await getTwoFactorTokenByEmail(existingUser.email)
      if (!twoFactorToken || twoFactorToken.token !== code) {
        return { error: 'auth.form.error.invalid_code' }
      }

      const hasExpired = new Date(twoFactorToken.expires) < new Date()
      if (hasExpired) {
        return { error: 'auth.form.error.expired_token' }
      }

      await deleteTwoFactorToken(twoFactorToken.id)

      const existingConfirmation = await getTwoFactorConfirmationByUserId(existingUser.id)

      if (existingConfirmation) {
        await deleteTwoFactoComfirmation(existingConfirmation.id)
      }

      await createTwoFactoComfirmation(existingUser.id)

    } else {
      const twoFactorToken = await generateTwoFactorToken(existingUser.email)

      if (twoFactorToken) {
        const isOk = await sendTwoFactorTokenEmail(twoFactorToken.email, twoFactorToken.token, existingUser.name)
        return { twoFactor: isOk }
      }
      console.error('ERROR.TYPE: could not send token')
      return { error: 'common.something_went_wrong' }
    }
  }

  try {
    await signIn('credentials', {
      email, password, redirectTo: DEFAULT_LOGIN_REDIRECT,
    })
  } catch (error) {
    if (error instanceof AuthError) {
      switch (error.type) {
        case 'CredentialsSignin':
          return { error: 'auth.form.error.invalid_credentials' }
        case 'AccessDenied':
          return { error: 'auth.form.error.access_denied' }
        default:
          console.error('ERROR.TYPE:', error.type)
          return { error: 'common.something_went_wrong' }
      }
    }
    // TODO: logging must be implemented
    throw error
  }
}

export const SignInProvider = async (provider: 'google' | 'github') => {
  await signIn(provider, {
    redirectTo: DEFAULT_LOGIN_REDIRECT,
  })
}