using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption;
using Microsoft.AspNetCore.DataProtection.AuthenticatedEncryption.ConfigurationModel;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore;
using OAuthServer;

var builder = WebApplication.CreateBuilder(args);

// Add logging to console
builder.Logging.AddConsole();

// Add services to the container.
builder.Services.AddControllers();
builder.Services.AddEndpointsApiExplorer();
builder.Services.AddSwaggerGen();

builder.Configuration.Sources.Clear();
builder.Services.AddDbContext<AppDbContext>(options => { options.UseSqlite("DataSource=db.sqlite3"); });

builder.Services.AddIdentity<IdentityUser, IdentityRole>(options => { options.Stores.MaxLengthForKeys = 128; })
    .AddEntityFrameworkStores<AppDbContext>()
    .AddDefaultTokenProviders();

builder.Services.Configure<IdentityOptions>(options =>
{

    // SignIn settings.
    options.SignIn.RequireConfirmedAccount = false;
    options.SignIn.RequireConfirmedEmail = false;
    options.SignIn.RequireConfirmedPhoneNumber = false;

    // Lockout settings.
    options.Lockout.DefaultLockoutTimeSpan = TimeSpan.FromMinutes(5);
    options.Lockout.MaxFailedAccessAttempts = 5;
    options.Lockout.AllowedForNewUsers = true;

    // Password settings.
    options.Password.RequireDigit = false;
    options.Password.RequireLowercase = false;
    options.Password.RequireNonAlphanumeric = false;
    options.Password.RequireUppercase = false;
    options.Password.RequiredLength = 1;
    options.Password.RequiredUniqueChars = 1;
});

builder.Services.ConfigureApplicationCookie(options =>
{
    // Cookie options
    options.Cookie.Name = "AuthCookie";
    options.Cookie.HttpOnly = true;

    options.ExpireTimeSpan = TimeSpan.FromHours(24);
    options.SlidingExpiration = true;
});

// Force Identity's security stamp to be validated every minute.
builder.Services.Configure<SecurityStampValidatorOptions>(options =>
{
    options.ValidationInterval = TimeSpan.FromMinutes(10);
});

// Set a more secure password hashing iteration count
builder.Services.Configure<PasswordHasherOptions>(option => { option.IterationCount = 100_000; });

builder.Services.AddDataProtection().UseCryptographicAlgorithms(new AuthenticatedEncryptorConfiguration()
{
    EncryptionAlgorithm = EncryptionAlgorithm.AES_256_CBC,
    ValidationAlgorithm = ValidationAlgorithm.HMACSHA256
});

// Add policy-based authorization
builder.Services.AddAuthorization(options =>
{
    // Require either role to authenticate as Contestant
    options.AddPolicy("User", policy => policy
        .RequireRole("User")
        .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
    );

    // Require the External role to authenticate with a different authentication method
    options.AddPolicy("External", policy => policy
        .RequireRole("External")
        .AddAuthenticationSchemes(IdentityConstants.ApplicationScheme)
    );
});

var app = builder.Build();

// Configure the HTTP request pipeline.
if (app.Environment.IsDevelopment())
{
    app.UseSwagger();
    app.UseSwaggerUI();
}

app.MapControllers();

// Automatically apply migrations to database on startup
var scopeFactory = app.Services.GetRequiredService<IServiceScopeFactory>();
using (var scope = scopeFactory.CreateScope())
{
    using (var databaseContext = scope.ServiceProvider.GetRequiredService<AppDbContext>())
    {
        // Migrate the database
        databaseContext.Database.Migrate();
    }
}

app.Run();