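using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.RazorPages;
using SoroushAsadi.Services;

namespace SoroushAsadi.Pages.Admin;

/// <summary>
/// Page model for the admin login page. Checks the submitted password through
/// <see cref="AuthService"/> and, on success, signs the caller in with the
/// cookie authentication scheme.
/// </summary>
public class LoginModel(AuthService auth) : PageModel
{
    // Landing page used when no return URL is supplied or the supplied one is not local.
    private const string DefaultReturnUrl = "/Admin";

    /// <summary>
    /// Message shown on the page after a failed login; empty when there is nothing to report.
    /// </summary>
    public string Error { get; private set; } = "";

    /// <summary>
    /// Renders the login form. No server-side work is needed for a GET.
    /// </summary>
    public void OnGet()
    {
    }

    /// <summary>
    /// Handles the login form post.
    /// </summary>
    /// <param name="password">Password submitted by the client (untrusted input).</param>
    /// <param name="returnUrl">
    /// Client-supplied URL to redirect to after sign-in. It is only honoured when it is
    /// local to this application; otherwise the admin landing page is used.
    /// </param>
    /// <returns>
    /// The login page with <see cref="Error"/> set when the password is rejected,
    /// otherwise a local redirect issued after the authentication cookie is set.
    /// </returns>
    public async Task<IActionResult> OnPostAsync(string password, string returnUrl = DefaultReturnUrl)
    {
        // A missing form field binds to null; reject it here rather than handing
        // a null or empty value to the verifier.
        // NOTE(review): no attempt throttling or lockout is visible in this handler;
        // confirm that AuthService or upstream middleware limits repeated guesses.
        if (string.IsNullOrEmpty(password) || !auth.VerifyPassword(password))
        {
            Error = "Incorrect password.";
            return Page();
        }

        // The principal carries a single Name claim; no role claims are issued here.
        var claims = new[] { new Claim(ClaimTypes.Name, "admin") };
        var identity = new ClaimsIdentity(claims, CookieAuthenticationDefaults.AuthenticationScheme);

        await HttpContext.SignInAsync(
            CookieAuthenticationDefaults.AuthenticationScheme,
            new ClaimsPrincipal(identity));

        // returnUrl comes from the request, so it must not be allowed to point at
        // another origin (open redirect). Anything that is not a local URL,
        // including null, falls back to the default landing page.
        if (!Url.IsLocalUrl(returnUrl))
        {
            returnUrl = DefaultReturnUrl;
        }

        return LocalRedirect(returnUrl);
    }
}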