<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;

class TwoFactorActionController extends Controller
{
    /**
     * Handle the incoming request.
     */
    public function __invoke(Request $request)
    {
        if (! $request->user() || ! $request->user()->two_factor_secret) {
            return response()->json(['message' => 'Unauthorized'], 401);
        }

        $request->validate([
            'code' => ['required'],
        ]);

        // Mocking TOTP verification for now.
        if ($request->code === '123456') {
            $request->session()->put('auth.two_factor_confirmed_at', now()->timestamp);

            return response()->json([
                'redirect' => route('admin.dashboard'),
            ]);
        }

        return response()->json([
            'message' => 'The provided two factor code was invalid.',
        ], 422);
    }
}