package cmd

import (
	"fmt"
	"os"
	"os/signal"
	"syscall"

	"golang.org/x/term"
)

func promptPassword(username string) (string, error) {
	terminal, err := os.OpenFile("/dev/tty", os.O_RDWR, 0)
	if err != nil {
		return "", fmt.Errorf("cannot open terminal for password prompt\nhint: run 'kinit' for Kerberos auth")
	}

	oldState, err := term.MakeRaw(int(terminal.Fd()))
	if err != nil {
		return "", fmt.Errorf("setting terminal raw mode: %w", err)
	}

	sigCh := make(chan os.Signal, 1)
	signal.Notify(sigCh, os.Interrupt, syscall.SIGTERM)
	go func() {
		<-sigCh
		term.Restore(int(terminal.Fd()), oldState)
		os.Exit(1)
	}()

	fmt.Fprintf(terminal, "Password for %s: ", username)
	pw, err := term.ReadPassword(int(terminal.Fd()))
	fmt.Fprintf(terminal, "\r\n")
	signal.Stop(sigCh)
	term.Restore(int(terminal.Fd()), oldState)
	if err != nil {
		return "", fmt.Errorf("reading password: %w", err)
	}
	return string(pw), nil
}