// /static/verify.js (CSP-friendly, nessun upload file: usa /api/verify_by_digest)
const $ = s => document.querySelector(s);
const drop = $('#drop'), fi = $('#file'), meta = $('#meta');
const badge = $('#status'), digestEl = $('#digest'), stateEl = $('#state'), integEl = $('#integrity'), authEl = $('#auth'), rawEl = $('#raw');

drop.addEventListener('dragover', e => { e.preventDefault(); drop.classList.add('hover'); });
drop.addEventListener('dragleave', () => drop.classList.remove('hover'));
drop.addEventListener('drop', e => {
  e.preventDefault(); drop.classList.remove('hover');
  if (e.dataTransfer && e.dataTransfer.files && e.dataTransfer.files.length) {
    fi.files = e.dataTransfer.files;
    resetResult(); showMeta();
  }
});
fi.addEventListener('change', () => { resetResult(); showMeta(); });

function showMeta() {
  if (!fi.files || !fi.files[0]) { meta.textContent = ''; return; }
  const f = fi.files[0];
  meta.textContent = `File: ${f.name} • ${(f.size/1024/1024).toFixed(2)} MB • ${f.type || '?'}`;
}

function resetResult() {
  badge.classList.add('hidden');
  digestEl.textContent = '—';
  stateEl.textContent = '—';
  integEl.textContent = '—';
  authEl.textContent = '—';
  rawEl.textContent = 'Risultato...';
}

function applyBanner(state) {
  badge.classList.remove('hidden', 'ok', 'warn', 'err');
  if (state === 'VERIFIED') { badge.classList.add('ok');   badge.textContent = 'VERIFIED'; }
  else if (state === 'SIMILAR') { badge.classList.add('warn'); badge.textContent = 'SIMILAR'; }
  else { badge.classList.add('err');  badge.textContent = 'NOT VERIFIED'; }
}

function render(j, digest) {
  applyBanner(j.state || (j.ok ? 'VERIFIED' : 'NOT_VERIFIED'));
  digestEl.textContent = digest || j.actual_digest || '—';
  stateEl.textContent = j.state || '—';
  integEl.textContent = (j.integrity === true) ? 'OK' : (j.integrity === false ? 'FAIL' : '—');
  authEl.textContent  = (j.auth === true) ? 'OK' : (j.auth === false ? 'FAIL' : '—');
  rawEl.textContent = JSON.stringify(j, null, 2);
}

async function sha256HexOfFile(file) {
  const buf = await file.arrayBuffer();
  const hash = await crypto.subtle.digest('SHA-256', buf);
  const bytes = new Uint8Array(hash);
  let hex = '';
  for (let i = 0; i < bytes.length; i++) hex += bytes[i].toString(16).padStart(2, '0');
  return hex;
}

document.addEventListener('DOMContentLoaded', () => {
  const btn = document.querySelector('#verifyBtn');
  btn.onclick = async () => {
    if (!fi.files || !fi.files[0]) { alert('Seleziona un file'); return; }
    resetResult();
    const f = fi.files[0];

    try {
      const digest = await sha256HexOfFile(f);
      // POST JSON → /api/verify_by_digest (coerente con Nginx)
      const r = await fetch('/api/verify_by_digest', {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ digest })
      });

      const ct = r.headers.get('content-type') || '';
      const payload = ct.includes('application/json') ? await r.json() : { ok: r.ok, detail: await r.text() };

      if (!r.ok && !payload.state) {
        applyBanner('NOT_VERIFIED');
        stateEl.textContent = 'ERROR';
        rawEl.textContent = typeof payload === 'string' ? payload : JSON.stringify(payload, null, 2);
        return;
      }
      render(payload, digest);
    } catch (e) {
      applyBanner('NOT_VERIFIED');
      stateEl.textContent = 'ERROR';
      rawEl.textContent = String(e);
    }
  };
});