<?php

require_once ('vn/web/json-request.php');
require_once ('vn/web/jwt.php');

const MIN   = 60;
const HOUR  = 60 * MIN;
const DAY   = 24 * HOUR;
const WEEK  = 7 * DAY;

class Login extends Vn\Web\JsonRequest
{
	function run ($db)
	{
		$this->updateCredentials ($db);

		if (isset ($_POST['remember']))
			$tokenLife = WEEK;
		else
			$tokenLife = 30 * MIN;

		$token = Vn\Web\Jwt::encode ([
			'userName' => $_SESSION['user'],
			'timestamp' => time (),
			'exp' => time () + $tokenLife
		]);

		return [
			'login' => TRUE,
			'token' => $token
		];
	}
	
	/**
	 * Updates the user credentials in other user databases like Samba.
	 **/
	function updateCredentials ($db)
	{
		$hasAccount = $db->getValue (
			'SELECT COUNT(*) > 0
				FROM account.user u
					JOIN account.account a ON u.id = a.id
				WHERE u.name = #',
			[$_SESSION['user']]
		);
		
		if (!$hasAccount)
			return;

		$sshConf = $db->getRow ('SELECT host, user, password FROM ssh_config');
	
		$ssh = ssh2_connect ($sshConf['host']);
		$sshOk = $ssh && ssh2_auth_password ($ssh,
			$sshConf['user'], base64_decode ($sshConf['password']));

		if (!$sshOk)
		{
			error_log ("Can't connect to SSH server {$sshConf['host']}");
			return;
		}
		
		$user = $this->escape ($_SESSION['user']);
		$pass = $this->escape ($_SESSION['password']);
		ssh2_exec ($ssh, "samba-tool user create \"$user\" \"$pass\"");
	}
	
	/**
	 * Escapes the double quotes from an string.
	 **/
	function escape ($str)
	{
		return str_replace ('"', '\\"', $str);
	}
}

?>