<?php

namespace App\Livewire\Auth;

use App\Models\TwoFactorRecoveryCode;
use App\Services\TotpService;
use Illuminate\Support\Facades\Auth;
use Livewire\Component;

class TwoFaChallenge extends Component
{
    public string $code    = '';
    public bool   $useRecovery = false;
    public ?string $error  = null;

    public function verify(): mixed
    {
        $this->error = null;
        $user = Auth::user();

        if ($this->useRecovery) {
            $this->validate(['code' => 'required|string']);

            if (!TwoFactorRecoveryCode::verifyAndConsume($user->id, strtoupper(trim($this->code)))) {
                $this->error = 'Ungültiger Recovery-Code.';
                return null;
            }
        } else {
            $this->validate(['code' => 'required|digits:6']);

            $secret = app(TotpService::class)->getSecret($user);
            if (!$secret || !app(TotpService::class)->verify($secret, $this->code)) {
                $this->error = 'Ungültiger Code. Bitte erneut versuchen.';
                return null;
            }
        }

        session()->put('2fa_verified', true);
        return redirect()->intended(route('ui.dashboard'));
    }

    public function render()
    {
        return view('livewire.auth.two-fa-challenge')
            ->layout('layouts.blank');
    }
}