<?php

namespace App\Http\Controllers;

use App\Http\Requests\AuthRequest;
use App\Http\Requests\ForgotPasswordRequest;
use App\Http\Requests\RefreshTokenRequest;
use App\Http\Requests\ResetPasswordRequest;
use App\Http\Requests\VerifyPasswordCodeRequest;
use Illuminate\Http\JsonResponse;
use App\Http\Resources\AuthResource;
use App\Services\AuthService;
use Illuminate\Http\Request;

class AuthController extends Controller
{
    public function __construct(protected AuthService $authService) {}

    public function login(AuthRequest $request): JsonResponse
    {
        $validated = $request->validated();

        $result = $this->authService->login(
            email: $validated["email"],
            password: $validated["password"],
            origem: $validated["origem"]
        );

        if (!$result) {
            return $this->errorResponse(message: __("auth.failed"), code: 401);
        }

        $cookieName = $this->getCookieName($request);

        return $this->successResponse(
            payload: new AuthResource($result["payload"]),
            message: __("auth.logged_in"),
        )->withCookie(
            cookie(
                $cookieName,
                $result["refreshToken"],
                config("sanctum.rt_expiration") * 60,
                "/",
                config("session.domain"),
                config("session.secure"),
                true,
                false,
                "Lax",
            ),
        );
    }

    public function forgotPassword(ForgotPasswordRequest $request): JsonResponse
    {
        $validated = $request->validated();

        $sent = $this->authService->forgotPassword(
            email: $validated['email'],
            portal: $validated['portal'] ?? 'franchisee',
        );

        if (!$sent) {
            return $this->errorResponse(message: __('auth.email_not_found'), code: 422);
        }

        return $this->successResponse(message: __('auth.password_reset_sent'));
    }

    public function verifyPasswordCode(VerifyPasswordCodeRequest $request): JsonResponse
    {
        $validated = $request->validated();

        $valid = $this->authService->verifyPasswordCode(
            email: $validated['email'],
            code: $validated['code'],
        );

        if (!$valid) {
            return $this->errorResponse(message: __('auth.invalid_code'), code: 422);
        }

        return $this->successResponse(message: __('auth.code_verified'));
    }

    public function resetPassword(ResetPasswordRequest $request): JsonResponse
    {
        $validated = $request->validated();

        $reset = $this->authService->resetPassword(
            email: $validated['email'],
            code: $validated['code'],
            password: $validated['password'],
        );

        if (!$reset) {
            return $this->errorResponse(message: __('auth.invalid_code'), code: 422);
        }

        return $this->successResponse(message: __('auth.password_reset_success'));
    }

    public function logout(Request $request): JsonResponse
    {
        $this->authService->logout();

        $cookieName = $this->getCookieName($request);

        return $this->successResponse(
            message: __("auth.logout"),
        )->withoutCookie($cookieName);
    }

    public function refresh(RefreshTokenRequest $request): JsonResponse
    {
        $cookieName = $this->getCookieName($request);
        $refresh_token = $request->cookie($cookieName);

        if (is_null($refresh_token)) {
            return $this->errorResponse(
                code: 403,
            )->withoutCookie($cookieName);
        }

        $result = $this->authService->refresh(
            $refresh_token
        );

        if (is_null($result)) {
            return $this->errorResponse(
                message: __("auth.unauthorized"),
                code: 403,
            )->withoutCookie($cookieName);
        }

        return $this->successResponse(
            payload: new AuthResource($result["payload"]),
        )->withCookie(
            cookie(
                $cookieName,
                $result["refreshToken"],
                config("sanctum.rt_expiration") * 60,
                "/",
                config("session.domain"),
                config("session.secure"),
                true,
                true,
                "Lax",
            ),
        );
    }

    /**
     * Resolves the dynamic cookie name based on the requesting application.
     */
    private function getCookieName(mixed $request): string
    {
        $appOrigin = $request->header("X-App-Origin", "default");
        return "{$appOrigin}_refresh_token";
    }
}