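%% @doc Cowboy handler that returns the record of the user identified by the
%% bearer JWT on the request. Only GET is served; every reply is JSON.
-module(handler_user_me).

-include("records.hrl").

-export([init/2]).

%% @doc Cowboy entry point: serve the request and hand control back to Cowboy.
-spec init(cowboy_req:req(), term()) -> {ok, cowboy_req:req(), term()}.
init(Req, Opts) ->
    %% cowboy_req:reply/4 returns the updated request object, while Cowboy
    %% expects init/2 to return {ok, Req, State}. Returning the bare request
    %% makes the handler process fail after the reply has been sent.
    Req1 = handle(Req, Opts),
    {ok, Req1, Opts}.

%% Dispatch on the HTTP method; anything but GET is rejected with 405.
handle(Req, _Opts) ->
    case cowboy_req:method(Req) of
        <<"GET">> -> get_me(Req);
        _ -> send_error(Req, 405, <<"Method not allowed">>)
    end.

%% Authenticate first, and only then touch the user store.
get_me(Req) ->
    case authenticate(Req) of
        {ok, UserId, Req1} -> reply_user(Req1, UserId);
        {error, Code, Message, Req1} -> send_error(Req1, Code, Message)
    end.

%% Look up the authenticated user and reply with an explicit field allow-list.
%% NOTE(review): the status field is returned but never checked here. If it can
%% mark an account as disabled or suspended, confirm that
%% logic_auth:verify_jwt/1 or core_user:get_by_id/1 enforces it.
reply_user(Req, UserId) ->
    case core_user:get_by_id(UserId) of
        {ok, User} -> send_json(Req, 200, user_to_map(User));
        {error, not_found} -> send_error(Req, 404, <<"User not found">>)
    end.

%% Build the response from named fields only, so a field added to #user{}
%% later (credentials, for example) is not exposed by accident.
user_to_map(User) ->
    #{
        id => User#user.id,
        email => User#user.email,
        role => User#user.role,
        status => User#user.status,
        created_at => User#user.created_at,
        updated_at => User#user.updated_at
    }.

%% Extract and verify the bearer token.
%% Returns {ok, UserId, Req} or {error, HttpStatus, Message, Req}.
authenticate(Req) ->
    case cowboy_req:parse_header(<<"authorization">>, Req) of
        {bearer, Token} ->
            verify_token(Token, Req);
        _ ->
            %% Header absent, or a scheme other than bearer.
            {error, 401, <<"Missing or invalid Authorization header">>, Req}
    end.

%% Map the verifier's result onto the handler's auth result.
verify_token(Token, Req) ->
    case logic_auth:verify_jwt(Token) of
        {ok, #{<<"user_id">> := UserId}} ->
            {ok, UserId, Req};
        {ok, _ClaimsWithoutUserId} ->
            %% A token that verifies but carries no user_id claim cannot
            %% identify a user. Reject it instead of crashing on the missing
            %% key, which would surface as a server error.
            {error, 401, <<"Invalid token">>, Req};
        {error, expired} ->
            {error, 401, <<"Token expired">>, Req};
        {error, _} ->
            {error, 401, <<"Invalid token">>, Req}
    end.

%% Reply with Data encoded as JSON.
send_json(Req, Status, Data) ->
    reply_json(Req, Status, #{}, Data).

%% Reply with a JSON body of the form {"error": Message}.
send_error(Req, Status, Message) ->
    reply_json(Req, Status, error_headers(Status), #{error => Message}).

%% Shared reply path: the content type is always JSON; callers add the rest.
reply_json(Req, Status, ExtraHeaders, Data) ->
    Headers = ExtraHeaders#{<<"content-type">> => <<"application/json">>},
    cowboy_req:reply(Status, Headers, jsx:encode(Data), Req).

%% Headers that HTTP requires alongside specific error statuses:
%% a 401 names the accepted auth scheme, a 405 lists the allowed methods.
error_headers(401) -> #{<<"www-authenticate">> => <<"Bearer">>};
error_headers(405) -> #{<<"allow">> => <<"GET">>};
error_headers(_) -> #{}.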