package handler

import (
	"crypto/tls"
	"fmt"
	"net/smtp"

	"github.com/lor00x/goldap/message"
	ldap "github.com/vjeantet/ldapserver"

	"gt.kalli.st/czar/fsldap/config"
	"gt.kalli.st/czar/fsldap/utils"
)


var smtpHost = config.SmtpHostname
var smtpHostPort = fmt.Sprintf("%s:%s", smtpHost,config.SmtpPort)

var tlsconfig = &tls.Config {
        InsecureSkipVerify: true,
	ServerName: smtpHost,
}

func Bind(w ldap.ResponseWriter, m *ldap.Message) {
	r := m.GetBindRequest()
	res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
	name := string(r.Name())
	password := string(r.AuthenticationSimple())
	user := utils.GetUser(name)
	mail := utils.GetMail(user)
	auth := smtp.PlainAuth("", mail, password, smtpHost)
	client, error := smtp.Dial(smtpHostPort)
	if error != nil {
		res.SetResultCode(ldap.LDAPResultInvalidCredentials)
		res.SetDiagnosticMessage("invalid credentials")
		w.Write(res)
		return
	}
	client.StartTLS(tlsconfig)
	err := client.Auth(auth)
	if err != nil {
		res.SetResultCode(ldap.LDAPResultInvalidCredentials)
		res.SetDiagnosticMessage("invalid credentials")
		w.Write(res)
		return
	}
	w.Write(res)
}

func WhoAmI(w ldap.ResponseWriter, m *ldap.Message) {
	res := ldap.NewExtendedResponse(ldap.LDAPResultSuccess)
	w.Write(res)
}

func Search(w ldap.ResponseWriter, m *ldap.Message) {
	r := m.GetSearchRequest()	
	select {
	case <-m.Done:
		return
	default:
	}
	name := string(r.FilterString())
	if name == ""{
		return
	}
	user := utils.GetSearchUser(name)
	mail := utils.GetMail(user)
	attr := utils.GetLdapName(user)
	entry := ldap.NewSearchResultEntry(attr)
	entry.AddAttribute("mail", message.AttributeValue(mail))
	w.Write(entry)	
	response := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
	w.Write(response)	
}