package commands

import (
	"context"
	"encoding/gob"
	"log/slog"
	"os"
	"path/filepath"

	"github.com/nerdsec/goaes/internal"
	"github.com/urfave/cli/v3"
)

func Decrypt(ctx context.Context, cmd *cli.Command) error {
	source := cmd.StringArg("source")
	destination := cmd.StringArg("destination")

	if source == "" {
		return cli.Exit("missing source", 2)
	}

	if destination == "" {
		return cli.Exit("missing destination", 2)
	}

	source = filepath.Clean(source)
	file, err := os.Open(source)
	if err != nil {
		return err
	}
	defer func() {
		err := file.Close()
		if err != nil {
			slog.Error("failed to close file", "error", err)
		}
	}()

	enc := gob.NewDecoder(file)

	var encryptedPayload internal.EncryptedDataPayload

	err = enc.Decode(&encryptedPayload)
	if err != nil {
		return err
	}

	passphrase := os.Getenv(PassphraseEnvVar)

	plaintext, err := internal.Decrypt(passphrase, encryptedPayload.DEK, encryptedPayload.Payload, encryptedPayload.Salt)
	if err != nil {
		return err
	}

	err = os.WriteFile(destination, plaintext, fileMode)
	if err != nil {
		return err
	}

	return nil
}