using System.Web;
using Portoa.Web.Security;
using Portoa.Web.Session;
using VideoGameQuotes.Api;
using VideoGameQuotes.Api.Persistence;

namespace VideoGameQuotes.Web.Security {
    /// <summary>
    /// Resolves the user for the current request, using the session store as a cache
    /// in front of <see cref="IUserService"/>.
    /// </summary>
    /// <remarks>
    /// Resolution order: the <c>"user"</c> session entry, then the authenticated
    /// identity's username, then the request's host address. Visitors who are not
    /// authenticated are identified purely by address, so every client presenting the
    /// same address resolves to the same <see cref="User"/> record.
    /// </remarks>
    public class SessionBasedUserProvider : ICurrentUserProvider {
        private readonly IUserService userService;
        private readonly ISessionStore sessionStore;
        private readonly HttpContextBase httpContext;

        /// <summary>Creates a provider bound to the given services and HTTP context.</summary>
        /// <param name="userService">Looks up and saves <see cref="User"/> records.</param>
        /// <param name="sessionStore">Per-session storage holding the resolved user under the key <c>"user"</c>.</param>
        /// <param name="httpContext">Context of the request being served.</param>
        public SessionBasedUserProvider(IUserService userService, ISessionStore sessionStore, HttpContextBase httpContext) {
            this.userService = userService;
            this.sessionStore = sessionStore;
            this.httpContext = httpContext;
        }

        /// <summary>
        /// The user associated with the current request, or <c>null</c> when the request
        /// is unauthenticated and carries no host address.
        /// </summary>
        public User CurrentUser {
            get {
                // NOTE(review): a session entry wins over the authenticated identity and is
                // returned without being compared to httpContext.User; presumably the
                // login/logout code replaces or clears it - confirm.
                var cached = sessionStore["user"] as User;
                if (cached == null) {
                    return ResolveAndCacheUser();
                }

                return cached;
            }
        }

        /// <summary>
        /// Looks the user up when the session has no entry, stores the result in the
        /// session, and returns it.
        /// </summary>
        /// <returns>
        /// The resolved user; <c>null</c> (with nothing written to the session) when the
        /// request is unauthenticated and has no host address.
        /// </returns>
        private User ResolveAndCacheUser() {
            User resolved;

            if (!httpContext.Request.IsAuthenticated) {
                // Anonymous visitor: the host address is the only identifier available.
                // NOTE(review): UserHostAddress is the address of the connecting peer. Behind
                // a reverse proxy or load balancer that is presumably the proxy's address,
                // which would map every anonymous visitor to one record - confirm against
                // the deployment.
                var remoteAddress = httpContext.Request.UserHostAddress;
                if (string.IsNullOrEmpty(remoteAddress)) {
                    return null;
                }

                resolved = userService.FindByIpAddress(remoteAddress);
                if (resolved == null) {
                    // First visit from this address: persist a record in the plain User group.
                    resolved = userService.Save(new User { IpAddress = remoteAddress, Group = UserGroup.User });
                }
            } else {
                // Authenticated but missing from the session; this cookie/session mismatch
                // occurs when the app restarts. The lookup result is cached as-is, even if
                // the service returns null.
                resolved = userService.FindByUsername(httpContext.User.Identity.Name);
            }

            sessionStore["user"] = resolved;
            return resolved;
        }
    }
}