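local sql = require("lsqlite3")
local db = require("db")
local queries = require("queries")

-- Prepared statements; assigned when the wrapped configure() below runs.
local stmnt_get_session, stmnt_insert_session, stmnt_delete_session

-- Session ids are SESSION_ID_LENGTH uppercase ASCII letters.
local SESSION_ID_LENGTH = 64
local ALPHABET_SIZE = 26
-- Largest multiple of ALPHABET_SIZE that fits in one byte (234). Random bytes
-- at or above this value are discarded so that every letter is equally
-- likely; a plain `byte % 26` makes 'A'..'V' slightly more probable than
-- 'W'..'Z' because 256 is not a multiple of 26.
local UNBIASED_LIMIT = 256 - (256 % ALPHABET_SIZE)

--[[
Wrap the global configure() hook: prepare this module's statements first, then
hand over to whatever configure() was defined before this module was loaded.
NOTE(review): this assumes db.conn is already open when configure() is called
and that a previous configure() exists; confirm against the load order.
]]
local oldconfigure = configure
function configure(...)
	stmnt_get_session = db.sqlassert(db.conn:prepare(queries.select_valid_sessions))
	stmnt_insert_session = db.sqlassert(db.conn:prepare(queries.insert_session))
	stmnt_delete_session = db.sqlassert(db.conn:prepare(queries.delete_session))
	return oldconfigure(...)
end

--[[
Build a fresh session id from /dev/urandom.
Returns a string of SESSION_ID_LENGTH uppercase letters. Raises an error if the
device cannot be opened or stops returning data. The file handle is closed on
every path, including the error path.
]]
local function random_session_id()
	local rngf = assert(io.open("/dev/urandom","rb"))
	local ok, result = pcall(function()
		local chars = {}
		while #chars < SESSION_ID_LENGTH do
			local chunk = rngf:read(SESSION_ID_LENGTH)
			if chunk == nil or #chunk == 0 then
				error("Failed to read random bytes from /dev/urandom")
			end
			for i = 1, #chunk do
				local r = string.byte(chunk, i)
				-- Rejection sampling: skip bytes that would bias the modulo.
				if r < UNBIASED_LIMIT and #chars < SESSION_ID_LENGTH then
					chars[#chars + 1] = string.char((r % ALPHABET_SIZE) + 65)
				end
			end
		end
		return table.concat(chars)
	end)
	rngf:close()
	if not ok then
		-- Level 0: the message already carries its position.
		error(result, 0)
	end
	return result
end

local session = {}

--[[
Retrieve the name and authorid of the logged in person,
or nil+error message if not logged in.

The session id comes from the client's "session" cookie and is only ever
passed to the prepared statement as a bound parameter.
NOTE(review): whether expired sessions are rejected depends on
queries.select_valid_sessions, which is not visible here.
]]
function session.get(req)
	http_populate_cookies(req)
	local sessionid = http_request_cookie(req,"session")
	if sessionid == nil then
		return nil, "No session cookie passed by client"
	end
	stmnt_get_session:bind_names{
		key = sessionid
	}
	local err = db.do_sql(stmnt_get_session)
	if err ~= sql.ROW then
		stmnt_get_session:reset()
		return nil, "No such session by logged in users"
	end
	-- Copy the row out before resetting the statement for the next caller.
	local data = stmnt_get_session:get_values()
	stmnt_get_session:reset()
	return data[1],data[2]
end

--[[
Start a session for someone who logged in.

who is the authorid the new session is bound to. Returns the new session id
(64 uppercase letters); raises an error if the id cannot be generated or the
insert does not finish with sql.DONE.
NOTE(review): the id is bound as-is; whether it is stored hashed depends on
queries.insert_session, which is not visible here.
]]
function session.start(who)
	local session_str = random_session_id()
	stmnt_insert_session:bind_names{
		sessionid = session_str,
		authorid = who
	}
	local err = db.do_sql(stmnt_insert_session)
	-- Reset before asserting so a failure does not leave the statement busy.
	stmnt_insert_session:reset()
	assert(err == sql.DONE, "Error should have been 'DONE', was: " .. tostring(err))
	return session_str
end

--[[
End a session, log someone out.

Both the authorid and the session id are bound to the delete statement.
Returns true; raises an error if the delete does not finish with sql.DONE.
]]
function session.finish(who,sessionid)
	stmnt_delete_session:bind_names{
		authorid = who,
		sessionid = sessionid
	}
	local err = db.do_sql(stmnt_delete_session)
	stmnt_delete_session:reset()
	assert(err == sql.DONE, "Error should have been 'DONE', was: " .. tostring(err))
	return true
end

return session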