<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Services\Auth\TwoFactorService;
use BaconQrCode\Renderer\Image\SvgImageBackEnd;
use BaconQrCode\Renderer\ImageRenderer;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\View\View;

class TwoFactorController extends Controller
{
    public function setup(Request $request, TwoFactorService $twoFactor): View
    {
        $secret = $request->session()->get('two_factor_setup_secret');
        if (! $secret) {
            $secret = $twoFactor->generateSecret();
            $request->session()->put('two_factor_setup_secret', $secret);
        }

        $qrUrl = $twoFactor->qrUrl($request->user(), $secret);
        $writer = new Writer(new ImageRenderer(new RendererStyle(200), new SvgImageBackEnd));
        $qrSvg = $writer->writeString($qrUrl);

        return view('auth.two-factor-setup', [
            'secret' => $secret,
            'qrSvg' => $qrSvg,
        ]);
    }

    public function enable(Request $request, TwoFactorService $twoFactor): RedirectResponse
    {
        $request->validate(['code' => ['required', 'string', 'size:6']]);
        $secret = $request->session()->pull('two_factor_setup_secret');
        if (! $secret || ! $twoFactor->enable($request->user(), $secret, $request->input('code'))) {
            return back()->withErrors(['code' => 'Ungültiger Code. Bitte erneut versuchen.']);
        }

        $request->session()->put('two_factor_passed', true);

        return redirect()->route('dashboard')->with('success', 'Zwei-Faktor-Authentifizierung aktiviert.');
    }

    public function challenge(): View
    {
        return view('auth.two-factor-challenge');
    }

    public function verifyChallenge(Request $request, TwoFactorService $twoFactor): RedirectResponse
    {
        $request->validate(['code' => ['required', 'string']]);

        if (! $twoFactor->verify($request->user(), $request->input('code'))) {
            return back()->withErrors(['code' => 'Ungültiger Authentifizierungscode.']);
        }

        $request->session()->put('two_factor_passed', true);

        return redirect()->intended(route('dashboard'));
    }
}