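// Package ldap holds an LDAP lookup handler for the auth module: it connects
// to a directory server, binds with a service account and lists user entries.
package ldap

import (
	"fmt"
	"log"

	"github.com/go-ldap/ldap"

	auth "imuslab.com/arozos/mod/auth"
	reg "imuslab.com/arozos/mod/auth/register"
	db "imuslab.com/arozos/mod/database"
)

// ldapHandler carries the auth agent this LDAP handler was created with.
type ldapHandler struct {
	ag *auth.AuthAgent
}

// Directory connection settings.
//
// NOTE(review): the bind DN, its password and the server address are compiled
// into the binary and therefore live in version control and in every build
// artifact. They should be loaded from deployment configuration or a secret
// store, and the password committed here should be treated as exposed and
// rotated. The values are left as they were because other packages may
// reference these exported names.
//
// FQDN is used as the host part of the LDAP URL; the value here is an IP
// address. Filter matches every entry under BaseDN.
const (
	BindUsername = "uid=root,cn=users,dc=dsm"
	BindPassword = "12345678"
	FQDN         = "192.168.1.147"
	BaseDN       = "cn=users,dc=dsm"
	Filter       = "(objectClass=*)"
)

// NewLdapHandler creates the backing database table and returns a handler
// bound to authAgent. It panics if the table cannot be created.
//
// The register argument is accepted but not used by this constructor.
func NewLdapHandler(authAgent *auth.AuthAgent, register *reg.RegisterHandler, coreDb *db.Database) *ldapHandler {
	// NOTE(review): the table is named "oauth" although this is the LDAP
	// handler; presumably carried over from the OAuth handler. Confirm
	// whether sharing that table is intended before renaming it.
	if err := coreDb.NewTable("oauth"); err != nil {
		log.Println("Failed to create oauth database. Terminating.")
		panic(err)
	}

	return &ldapHandler{ag: authAgent}
}

// Ldap connects to the directory, binds, runs the search and pretty-prints
// every returned entry. Any failure terminates the process via log.Fatal.
func (handler *ldapHandler) Ldap() {
	// Non-TLS connection, see Connect.
	l, err := handler.Connect()
	if err != nil {
		log.Fatal(err)
	}
	defer l.Close()

	// Bind and search. log.Fatal exits the process, so the deferred Close
	// above does not run on this failure path.
	result, err := handler.BindAndSearch(l)
	if err != nil {
		log.Fatal(err)
	}

	for _, entry := range result.Entries {
		entry.PrettyPrint(4)
	}
}

// Connect dials the directory server at FQDN on port 389 without TLS.
//
// NOTE(review): with an ldap:// URL the simple bind in BindAndSearch sends
// BindPassword, and the search returns its results, in cleartext. Prefer an
// ldaps:// URL or calling StartTLS on the connection with a tls.Config that
// verifies the server certificate before binding.
func (handler *ldapHandler) Connect() (*ldap.Conn, error) {
	// FQDN may hold either a host name or an IP address.
	l, err := ldap.DialURL(fmt.Sprintf("ldap://%s:389", FQDN))
	if err != nil {
		return nil, err
	}
	return l, nil
}

// BindAndSearch authenticates on l as BindUsername and searches the whole
// subtree under BaseDN with Filter, requesting the uid and memberOf
// attributes.
//
// It returns an error if the bind fails, if the search fails, or if the
// search yields no entries.
func (handler *ldapHandler) BindAndSearch(l *ldap.Conn) (*ldap.SearchResult, error) {
	// The bind result must be checked: if it is ignored, a rejected bind
	// goes unnoticed and the search below runs on a connection that was
	// never authenticated as BindUsername.
	if err := l.Bind(BindUsername, BindPassword); err != nil {
		return nil, fmt.Errorf("Bind Error: %w", err)
	}

	searchReq := ldap.NewSearchRequest(
		BaseDN,
		ldap.ScopeWholeSubtree, // ldap.ScopeBaseObject would return only BaseDN itself
		ldap.NeverDerefAliases,
		0,     // size limit: 0 requests no client-side limit
		0,     // time limit: 0 requests no client-side limit
		false, // types only: false returns attribute values as well
		Filter,
		[]string{"uid", "memberOf"},
		nil,
	)

	result, err := l.Search(searchReq)
	if err != nil {
		return nil, fmt.Errorf("Search Error: %w", err)
	}
	if len(result.Entries) == 0 {
		return nil, fmt.Errorf("Couldn't fetch search entries")
	}
	return result, nil
}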