// Package validation holds the bounds checks applied to password and hashing
// parameters: password length and character set, bcrypt cost, salt length,
// iteration count and derived-key length.
package validation

import (
	"errors"
	"strings"

	"golang.org/x/crypto/bcrypt"

	"edge-infra.dev/pkg/lib/crypto/randomizer"
)

// Floors and limits enforced by the validators in this file.
//
// NOTE(review): these are exported package-level variables, so any importing
// package can reassign them at runtime and silently weaken every check below.
// Constants would rule that out; confirm no caller assigns to them first.
var (
	// MinimumPassLen is the smallest length ValidatePwdLen accepts.
	MinimumPassLen = 8

	// MaximumPassLen is the largest length ValidatePwdLen accepts.
	// NOTE(review): ValidateCost suggests bcrypt is in use. bcrypt only
	// consumes the first 72 bytes of its input, so 63 stays below that limit
	// only if the length is counted in bytes or every allowed character is a
	// single byte. Confirm against randomizer.ValidChars and the callers.
	MaximumPassLen = 63

	// MinimumSaltLen is the smallest salt length accepted, in bytes
	// (16 bytes = 128 bits; the original comment also mentions sha512).
	MinimumSaltLen = 16

	// MinimumHashIterations is the smallest iteration count accepted.
	// NOTE(review): the key-derivation function that consumes this value is
	// not visible in this file. Recommended work factors rise over time, so
	// re-check the floor against current password-storage guidance.
	MinimumHashIterations = 120000

	// MinimumKeyLen is the smallest derived-key length accepted, in bytes.
	MinimumKeyLen = 16

	// CharValidationError is the message carried by the error that
	// ValidatePwdCharacters returns.
	// NOTE(review): the accepted set is defined by randomizer.ValidChars; the
	// list in this text is a separate copy and can drift. Confirm they agree.
	CharValidationError = "\"invalid password, password can only include alphanumerical characters and special characters ~!@#%^&*_-+=`|'>(){}[]:;<,.? \""
)

// validatePwdChar reports whether char is a member of randomizer.ValidChars.
func validatePwdChar(char rune) bool {
	allowed := string(randomizer.ValidChars)
	return strings.IndexRune(allowed, char) >= 0
}

// ValidatePwdCharacters returns an error carrying CharValidationError as soon
// as pwd contains a rune outside randomizer.ValidChars, and nil otherwise.
//
// Length is not checked here: the empty string passes. Callers that need a
// complete password check must also apply ValidatePwdLen.
func ValidatePwdCharacters(pwd string) error {
	for _, r := range pwd {
		if validatePwdChar(r) {
			continue
		}
		return errors.New(CharValidationError)
	}
	return nil
}

// ValidateCost accepts a bcrypt cost in [bcrypt.DefaultCost, bcrypt.MaxCost]
// and returns InvalidCostError for anything else. The floor is DefaultCost
// rather than bcrypt.MinCost, so costs weaker than the library default are
// rejected.
func ValidateCost(cost int) error {
	if cost >= bcrypt.DefaultCost && cost <= bcrypt.MaxCost {
		return nil
	}
	return InvalidCostError()
}

// ValidatePwdBounds validates the upper and lower bounds of a password length
// range. Each bound must pass ValidatePwdLen on its own (maxLength is checked
// first) and minLength must be strictly less than maxLength.
func ValidatePwdBounds(minLength, maxLength int) error {
	for _, bound := range [...]int{maxLength, minLength} {
		if err := ValidatePwdLen(bound); err != nil {
			return err
		}
	}
	if minLength < maxLength {
		return nil
	}
	return InvalidPasswordLengthError()
}

// ValidatePwdLen accepts a length in [MinimumPassLen, MaximumPassLen], both
// ends inclusive, and returns InvalidPasswordLengthError otherwise.
//
// The parameter name shadows the builtin len inside this function.
func ValidatePwdLen(len int) error {
	if len < MinimumPassLen || len > MaximumPassLen {
		return InvalidPasswordLengthError()
	}
	return nil
}

// ValidateSaltLength returns InvalidSaltLengthError when saltLength is below
// MinimumSaltLen. No upper bound is enforced.
func ValidateSaltLength(saltLength int) error {
	if saltLength >= MinimumSaltLen {
		return nil
	}
	return InvalidSaltLengthError()
}

// ValidateIterationLen returns InvalidHashIterationsError when iterations is
// below MinimumHashIterations. No upper bound is enforced.
func ValidateIterationLen(iterations int) error {
	if iterations >= MinimumHashIterations {
		return nil
	}
	return InvalidHashIterationsError()
}

// ValidateKeyLen returns InvalidKeyLengthError when keyLength is below
// MinimumKeyLen or shorter than saltLength. saltLength itself is not
// validated here; pair this with ValidateSaltLength.
func ValidateKeyLen(keyLength, saltLength int) error {
	switch {
	case keyLength < MinimumKeyLen, keyLength < saltLength:
		return InvalidKeyLengthError()
	}
	return nil
}