package cmd

import (
	"context"
	"fmt"
	"os"

	"mydev/internal/checks"
	"mydev/internal/config"
	"mydev/internal/run"

	"github.com/spf13/cobra"
)

var authCmd = &cobra.Command{
	Use:   "auth",
	Short: "Check AWS MFA auth (awsmfa status)",
	Run: func(cmd *cobra.Command, args []string) {
		awsmfa := mustAWSMFA()
		s := checks.AWSAuth(context.Background(), awsmfa)
		if s.Authed {
			fmt.Printf("✓ AWS authed  %s\n", s.Detail)
			return
		}
		if s.Err != "" {
			fmt.Printf("✗ awsmfa error: %s\n", s.Err)
			os.Exit(1)
		}
		fmt.Println("✗ AWS NOT authed — run 'mydev auth login'")
		os.Exit(1)
	},
}

var authLoginCmd = &cobra.Command{
	Use:   "login",
	Short: "Re-authenticate (awsmfa auth) — prompts for MFA",
	Run: func(cmd *cobra.Command, args []string) {
		awsmfa := mustAWSMFA()
		if err := run.Stream("", awsmfa, "auth"); err != nil {
			fmt.Fprintln(os.Stderr, err)
			os.Exit(1)
		}
	},
}

// mustAWSMFA loads config and resolves the awsmfa path, exiting on error.
func mustAWSMFA() string {
	cfg, err := config.Load()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	awsmfa, err := cfg.AWSMFA()
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	return awsmfa
}

func init() {
	authCmd.AddCommand(authLoginCmd)
	rootCmd.AddCommand(authCmd)
}