<?php

namespace App\Http\Controllers\User;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use League\CommonMark\Inline\Renderer\ImageRenderer;
use PragmaRX\Google2FA\Google2FA;

use BaconQrCode\Renderer\Image\SvgImageBackEnd;
use BaconQrCode\Renderer\RendererStyle\RendererStyle;
use BaconQrCode\Writer;
use App\Models\User;

class Google2FAController extends Controller
{
    /**
     * 显示双重验证设置页面
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function index()
    {
        $user = Auth::user();
        $google2fa = new Google2FA();

        // 如果用户尚未设置 Google2FA，则生成新的密钥
        if (empty($user->google2fa_secret)) {
            $user->google2fa_secret = $google2fa->generateSecretKey();
            $user->save();
        }

        // 生成二维码
        $qrCodeUrl = $google2fa->getQRCodeUrl(
            config('app.name', 'Laravel'),
            $user->email,
            $user->google2fa_secret
        );

        // 将二维码 URL 转换为 SVG 图像
        $renderer = new ImageRenderer(
            new RendererStyle(200),
            new SvgImageBackEnd()
        );
        $writer = new Writer($renderer);
        $qrCode = $writer->writeString($qrCodeUrl);

        return view('user.2fa.index', [
            'user' => $user,
            'qrCode' => $qrCode,
            'secret' => $user->google2fa_secret,
        ]);
    }

    /**
     * 启用双重验证
     *
     * @param Request $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function enable(Request $request)
    {
        $request->validate([
            'code' => 'required|numeric',
        ]);

        $user = Auth::user();
        $google2fa = new Google2FA();

        // 验证用户输入的验证码是否正确
        $valid = $google2fa->verifyKey($user->google2fa_secret, $request->code);

        if ($valid) {
            $user->google2fa_enable = true;
            $user->save();

            return redirect()->route('user.2fa.index')->with('success', '双重验证已成功启用！');
        }

        return redirect()->route('user.2fa.index')->with('error', '验证码无效，请重试！');
    }

    /**
     * 禁用双重验证
     *
     * @param Request $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function disable(Request $request)
    {
        $request->validate([
            'code' => 'required|numeric',
        ]);

        $user = Auth::user();
        $google2fa = new Google2FA();

        // 验证用户输入的验证码是否正确
        $valid = $google2fa->verifyKey($user->google2fa_secret, $request->code);

        if ($valid) {
            $user->google2fa_enable = false;
            $user->save();

            return redirect()->route('user.2fa.index')->with('success', '双重验证已成功禁用！');
        }

        return redirect()->route('user.2fa.index')->with('error', '验证码无效，请重试！');
    }

    /**
     * 验证双重验证码
     *
     * @param Request $request
     * @return \Illuminate\Http\RedirectResponse
     */
    public function verify(Request $request)
    {
        $request->validate([
            'code' => 'required|numeric',
        ]);

        // 从会话中获取用户 ID
        $userId = session('2fa_user_id');

        if (!$userId) {
            return redirect()->route('login');
        }

        $user = User::find($userId);

        if (!$user) {
            return redirect()->route('login');
        }

        $google2fa = new Google2FA();

        // 验证用户输入的验证码是否正确
        $valid = $google2fa->verifyKey($user->google2fa_secret, $request->code);

        if ($valid) {
            // 将验证状态存储在会话中
            session(['2fa_verified' => true]);

            // 清除会话中的用户 ID
            session()->forget('2fa_user_id');

            // 写入登录日志
            $controller = new \App\Http\Controllers\AuthController();
            $controller->addUserLoginLog($user->id, \App\Components\IP::getClientIp());

            // 更新登录信息
            $user->update(['last_login' => time()]);

            // 登录用户
            Auth::login($user);

            return redirect()->intended(route('userinfo'));
        }

        return redirect()->route('user.2fa.verify')->with('error', '验证码无效，请重试！');
    }

    /**
     * 显示验证页面
     *
     * @return \Illuminate\Contracts\View\Factory|\Illuminate\View\View
     */
    public function showVerifyForm()
    {
        return view('user.2fa.verify');
    }
}