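use actix_identity::Identity;
use actix_web::{web, HttpRequest, HttpResponse, Responder};
use webauthn_rs::prelude::PublicKeyCredential;

use crate::data::session_identity::{SessionIdentity, SessionStatus};
use crate::data::webauthn_manager::WebAuthManagerReq;

/// JSON body posted by the client to complete a WebAuthn second-factor login.
#[derive(serde::Deserialize)]
pub struct AuthWebauthnRequest {
    // Client-supplied state string, handed unchanged to
    // `finish_authentication`.
    // NOTE(review): this value is attacker-controlled. Confirm that
    // `finish_authentication` authenticates it (server-side encryption or
    // signature), binds it to the user, and rejects stale or replayed state.
    opaque_state: String,
    // The authenticator's assertion, as produced by the browser WebAuthn API.
    credential: PublicKeyCredential,
}

/// Complete the WebAuthn second-factor step for the current session.
///
/// The handler only runs the verification when the session reports that a
/// second factor is still required; otherwise it answers `401 Unauthorized`
/// with the JSON body `"No 2FA required!"`.
///
/// The user whose credential is checked is taken from the session identity,
/// never from the request body, so a client cannot choose which account the
/// assertion is verified against.
///
/// On success the session status is promoted to [`SessionStatus::SignedIn`]
/// and `200 OK` is returned. On any verification error the error is logged
/// and `500 Internal Server Error` is returned; the session status is left
/// untouched.
pub async fn auth_webauthn(
    id: Identity,
    // The page showed a bare `web::Json`; the type parameter is restored from
    // the fields this handler reads (`opaque_state`, `credential`).
    req: web::Json<AuthWebauthnRequest>,
    manager: WebAuthManagerReq,
    http_req: HttpRequest,
) -> impl Responder {
    // Gate: only sessions that are waiting for a second factor may proceed.
    if !SessionIdentity(Some(&id)).need_2fa_auth() {
        return HttpResponse::Unauthorized().json("No 2FA required!");
    }

    // Identity comes from the server-side session, not from client input.
    let user_id = SessionIdentity(Some(&id)).user_id();

    match manager.finish_authentication(&user_id, &req.opaque_state, &req.credential) {
        Ok(_) => {
            // The session is upgraded only after the assertion was accepted.
            SessionIdentity(Some(&id)).set_status(&http_req, SessionStatus::SignedIn);
            HttpResponse::Ok().body("You are authenticated!")
        }
        Err(e) => {
            // NOTE(review): every failure, including a rejected assertion, is
            // reported as a 500. Distinguishing a failed second factor (a
            // client authentication failure) from a server fault would let
            // monitoring count failed 2FA attempts separately from outages.
            // The status is kept as-is here because clients may depend on it.
            // Nothing visible in this handler limits repeated attempts;
            // confirm that throttling is applied elsewhere.
            log::error!("Failed to authenticate user using webauthn! {:?}", e);
            HttpResponse::InternalServerError().body("Failed to validate security key!")
        }
    }
}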