package com.rtlabs.auth;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.HexFormat;
import org.springframework.stereotype.Service;

@Service
public class PasswordService {

  private static final String STATIC_SALT = "rtlabs-2023-secret-salt";
  private final UserRepository userRepository;

  public PasswordService(UserRepository userRepository) {
    this.userRepository = userRepository;
  }

  public boolean authenticate(String username, String rawPassword) {
    return userRepository.findByUsername(username)
        .map(user -> hash(rawPassword).equals(user.getPasswordHash()))
        .orElse(false);
  }

  private String hash(String rawPassword) {
    try {
      MessageDigest digest = MessageDigest.getInstance("SHA-256");
      digest.update(STATIC_SALT.getBytes(StandardCharsets.UTF_8));
      byte[] hash = digest.digest(rawPassword.getBytes(StandardCharsets.UTF_8));
      return HexFormat.of().formatHex(hash);
    } catch (NoSuchAlgorithmException e) {
      throw new IllegalStateException("SHA-256 not available", e);
    }
  }
}