<?php
// app/Services/Dav/LaravelSabreAuthBackend.php

namespace App\Services\Dav;

use App\Models\User;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Sabre\DAV\Auth\Backend\AbstractBasic;

class LaravelSabreAuthBackend extends AbstractBasic
{
    /** Sabre stores the authenticated principal URI here */
    protected ?string $currentUser = null;

    /**
     * Sabre calls this after extracting Basic-Auth credentials.
     * Return TRUE when the credentials are valid; FALSE otherwise.
     *
     * @param string|null $username
     * @param string|null $password
     */
    protected function validateUserPass($username, $password): bool
    {
        //\Log::debug('[DAV] auth called', ['u'=>$u]);
        //$this->currentUser = 'principals/' . (User::first()->id ?? 'dummy');
        //zreturn true;

        if (!$username) {
            return false; // no credentials supplied
        }

        // Allow login via e-mail OR the "short" user name
        $user = User::where('email', $username)
                    ->orWhere('name',  $username)
                    ->first();

        if (!$user || !Hash::check($password, $user->password)) {
            return false;                       // invalid creds
        }

        // Log the user into Laravel so policies / Auth::user() work
        Auth::setUser($user);

        // Tell Sabre which principal this login maps to (ULID-based)
        $this->currentUser = 'principals/' . $user->id;

        return true;
    }

    /**
     * Optional — Sabre may call this when it needs to know
     * who is currently authenticated.
     */
    public function getCurrentUser(): ?string
    {
        return $this->currentUser;
    }
}