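/* #include <...>  -- the header name is missing from the page; restore the original include here. */

/**
 * Handle a "create object" request.
 *
 * Flow, as visible in this function:
 *   1. Reject anything that is not a POST.
 *   2. Resolve the target database name from the request URI.
 *   3. Parse the POST body into an HDF tree.
 *   4. Check the XSRF token carried in the body ("token") before any
 *      state is changed.
 *   5. Derive an object id from the current time and hand the parsed data
 *      to the database's save callback.
 *   6. Render the "/create/" template, or fall back to send_created().
 *
 * Every path taken after the HDF tree exists releases it with hdf_destroy().
 *
 * @param ctx  Per-request application context; the HTTP request is obtained
 *             from it via evapp_request().
 */
void handle_create(evapp_ctx *ctx)
{
    char dbname[32];
    HDF *hdf = NULL;    // stays NULL if parse_query() never assigns it
    bool saved = false;
    struct evhttp_request *request = evapp_request(ctx);

    // Creation changes state, so only POST is accepted.  The rejection is
    // reported through send_not_found(), as in the original code.
    if (request->type != EVHTTP_REQ_POST) {
        send_not_found(ctx, "Method disallowed for URI");
        return;
    }

    // get_database_from_uri() is handed dbname together with its size, so
    // the name taken from the attacker-controlled URI is bounded by the
    // 32-byte buffer.
    // NOTE(review): confirm the helper NUL-terminates on truncation.
    if (!get_database_from_uri(request->uri, dbname, sizeof(dbname))) {
        send_not_found(ctx, "no valid object type was found");
        return;
    }

    // The POST body is untrusted input; it is passed to parse_query() with
    // an explicit length.
    // NOTE(review): whether parse_query() can leave a partially built tree
    // in hdf when it fails is not visible here; if it can, this path needs
    // an hdf_destroy() as well.
    if (!parse_query((char *)EVBUFFER_DATA(request->input_buffer),
                     EVBUFFER_LENGTH(request->input_buffer),
                     false, false, &hdf, NULL)) {
        send_not_found(ctx, "failed to parse data");
        return;
    }

    if (!hdf) {
        send_error(ctx, "something weird happened with your query");
        return;
    }

    // Anti-CSRF gate: the token must validate before anything is written.
    if (!check_xsrf(ctx, hdf_get_value(hdf, "token", NULL))) {
        hdf_destroy(&hdf);
        send_forbidden(ctx, "invalid or missing request token");
        return;
    }

    // Build the id from wall-clock time: seconds in the high bits,
    // microseconds in the low 31 bits.
    // NOTE(review): this id is predictable and two requests landing in the
    // same microsecond get the same value, so it must not be relied on as
    // an unguessable or unique handle.
    struct timeval tv;
    gettimeofday(&tv, NULL);
    uint64_t id = (uint64_t)tv.tv_sec;
    id <<= 31;
    id |= tv.tv_usec;

    // NOTE(review): no validation of the parsed fields happens in this
    // function (the original comment here read "Validate input ... hah!").
    // Everything the client sent reaches db->save() as-is, so any schema or
    // length checks must live in the save callback or be added here.
    evapp_db *db = evapp_db_select(ctx, dbname);
    if (db && db->save) {
        // XXX: should these functions take their own db object?
        // currently they waste cycles looking it up again..
        saved = db->save(ctx, id, hdf);
    }

    if (!saved) {
        // Fix: the original returned here without releasing the parsed
        // tree, leaking it on every failed create (unknown database,
        // missing save callback, or a failed save).
        hdf_destroy(&hdf);
        send_not_found(ctx, "unable to create object");
        return;
    }

    // Prefer the rendered template; fall back to a plain "created" reply
    // when template_render() reports failure.
    if (!template_render(ctx, hdf, "/create/", dbname)) {
        send_created(ctx, dbname, id);
    }

    hdf_destroy(&hdf);
}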