using Femto.Api.Sessions;
using Femto.Common;
using Femto.Modules.Auth.Application.Services;
using Femto.Modules.Auth.Contracts;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;

namespace Femto.Api.Controllers.Auth;

[ApiController]
[Route("auth")]
public class AuthController(
    ICurrentUserContext currentUserContext,
    IAuthService authService
) : ControllerBase
{
    [HttpPost("login")]
    public async Task<ActionResult<LoginResponse>> Login(
        [FromBody] LoginRequest request,
        CancellationToken cancellationToken
    )
    {
        var result = await authService.GetUserWithCredentials(
            request.Username,
            request.Password,
            cancellationToken
        );
        
        if (result is null)
            return this.BadRequest();
        
        var (user, session) = result;
        
        HttpContext.SetSession(session, user);

        return new LoginResponse(user.Id, user.Username, user.Roles.Any(r => r == Role.SuperUser));
    }

    [HttpPost("register")]
    public async Task<ActionResult<RegisterResponse>> Register([FromBody] RegisterRequest request)
    {
        var (user, session) = await authService.CreateUserWithCredentials(request.Username, request.Password, request.SignupCode);

        HttpContext.SetSession(session, user);
        
        return new RegisterResponse(
            user.Id,
            user.Username,
            user.Roles.Any(r => r == Role.SuperUser)
        );
    }

    [HttpDelete("session")]
    public async Task<ActionResult> DeleteSession()
    {
        var sessionId = HttpContext.GetSessionId();

        if (sessionId is not null)
        {
            await authService.DeleteSession(sessionId);
            HttpContext.DeleteSession();
        }

        return Ok(new { });
    }

    [HttpGet("user/{userId}")]
    [Authorize]
    public async Task<ActionResult<GetUserInfoResult>> GetUserInfo(
        Guid userId,
        CancellationToken cancellationToken
    )
    {
        var currentUser = currentUserContext.CurrentUser;

        if (currentUser is null || currentUser.Id != userId)
            return this.BadRequest();

        var user = await authService.GetUserWithId(userId, cancellationToken);

        if (user is null)
            return this.BadRequest();

        return new GetUserInfoResult(
            user.Id,
            user.Username,
            user.Roles.Any(r => r == Role.SuperUser)
        );
    }

    [HttpPost("signup-codes")]
    [Authorize(Roles = "SuperUser")]
    public async Task<ActionResult> CreateSignupCode(
        [FromBody] CreateSignupCodeRequest request,
        CancellationToken cancellationToken
    )
    {
        await authService.AddSignupCode(request.Code, request.Name, cancellationToken);

        return Ok(new { });
    }

    [HttpGet("signup-codes")]
    [Authorize(Roles = "SuperUser")]
    public async Task<ActionResult<ListSignupCodesResult>> ListSignupCodes(
        CancellationToken cancellationToken
    )
    {
        var codes = await authService.GetSignupCodes(cancellationToken);

        return new ListSignupCodesResult(
            codes.Select(c => new SignupCodeDto(
                c.Code,
                c.Email,
                c.Name,
                c.RedeemedByUserId,
                c.RedeemedByUsername,
                c.ExpiresOn
            ))
        );
    }
}