<?php

namespace com\fwdekker\deathnotifier\validator;

use com\fwdekker\deathnotifier\Config;
use com\fwdekker\deathnotifier\IllegalArgumentError;


/**
 * Validates that the input equals the CLI password.
 */
class EqualsCliPasswordRule extends Rule
{
    /**
     * The key in the configuration at which the hash of the CLI password is stored.
     */
    public const CONFIG_KEY = "admin.cli_password";
    /**
     * The default value of the CLI password.
     */
    public const DEFAULT = "REPLACE THIS WITH A SECRET VALUE";


    /**
     * Validates that the input equals the CLI password.
     *
     * @param array<int|string, mixed> $inputs the list of inputs in which the value at {@see $key} should be checked
     * @param string $key the key in {@see $inputs} of the input to check
     * @return void if the checked input equals the CLI password
     * @throws InvalidInputException if the checked input does not equal the CLI password
     * @throws IllegalArgumentError if the CLI password is a blank string, if the CLI password is at its default value,
     * if the checked input is not set
     */
    public function check(array $inputs, string $key): void
    {
        if (!Config::has(self::CONFIG_KEY) || trim(Config::get(self::CONFIG_KEY)) === "")
            throw new IllegalArgumentError("The CLI is disabled because the CLI password is not set.");

        if (Config::get(self::CONFIG_KEY) === self::DEFAULT)
            throw new IllegalArgumentError("The CLI is disabled because the CLI password is set to the default.");

        if (!isset($inputs[$key]))
            throw new InvalidInputException("This operation requires the CLI password.", $key);

        if (!password_verify($inputs[$key], Config::get(self::CONFIG_KEY)))
            throw new InvalidInputException("Incorrect CLI password.", $key);
    }
}