<?php

namespace App\Services;

use App\Enums\UserTypeEnum;
use App\Mail\PasswordResetCodeMail;
use App\Models\User;
use App\Models\PersonalAccessToken;
use Carbon\Carbon;
use Exception;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;

class AuthService
{
    public function login(string $email, string $password, string $origem): ?array
    {
        if (!Auth::attempt(["email" => $email, "password" => $password])) {
            return null;
        }

        $user = User::where("email", $email)->first();

        if ($origem === 'admin') {
            if ($user->user_type !== UserTypeEnum::ADMIN) {
                throw new Exception('credenciais invalidas para acesso de franqueadora');
            }
        }

        $deviceId = Str::uuid()->toString();

        $accessToken = $user->createAccessToken($deviceId);
        $refreshToken = $user->createRefreshToken($deviceId);

        return [
            "payload" => [
                "access_token" => $accessToken,
                "user" => $user,
            ],
            "refreshToken" => $refreshToken,
        ];
    }

    public function refresh(string $refreshToken): ?array
    {
        if (!$refreshToken) {
            return null;
        }

        $tokenModel = PersonalAccessToken::findToken($refreshToken);

        if (
            !$tokenModel ||
            !in_array("refresh", $tokenModel->abilities) ||
            $tokenModel->expires_at < now()
        ) {
            return null;
        }

        $user = $tokenModel->tokenable;
        if (!$user) {
            return null;
        }

        $deviceId = Str::afterLast($tokenModel->name, "_");

        $tokens = $this->refreshTokenTransaction($tokenModel, $user, $deviceId);

        return [
            "payload" => [
                "access_token" => $tokens["access_token"],
                "user" => $user,
            ],
            "refreshToken" => $tokens["refresh_token"],
        ];
    }

    public function forgotPassword(string $email): bool
    {
        $user = User::where('email', $email)->first();

        if (!$user) {
            return false;
        }

        $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);

        DB::table('password_reset_tokens')->updateOrInsert(
            ['email' => $email],
            [
                'token'      => $code,
                'created_at' => now(),
                'expires_at' => now()->addMinutes(30),
            ]
        );

        $recoveryLink = config('app.franchisee_url') . '/recovery-password?email=' . urlencode($email);

        Mail::to($email)->send(new PasswordResetCodeMail($code, $recoveryLink));

        return true;
    }

    public function resetPassword(string $email, string $code, string $password): bool
    {
        if (!$this->verifyPasswordCode($email, $code)) {
            return false;
        }

        $user = User::where('email', $email)->first();

        if (!$user) {
            return false;
        }

        $user->update(['password' => $password]);

        DB::table('password_reset_tokens')->where('email', $email)->delete();

        return true;
    }

    public function verifyPasswordCode(string $email, string $code): bool
    {
        $record = DB::table('password_reset_tokens')
            ->where('email', $email)
            ->where('token', $code)
            ->first();

        if (!$record) {
            return false;
        }

        if (Carbon::parse($record->expires_at)->isPast()) {
            return false;
        }

        return true;
    }

    public function logout(): void
    {
        $user = Auth::user();
        if (!$user) {
            return;
        }

        $tokenName = $user->currentAccessToken()->name;
        $deviceId = Str::afterLast($tokenName, "_");

        $user
            ->tokens()
            ->where("name", "like", "%_{$deviceId}")
            ->delete();
    }

    protected function refreshTokenTransaction(
        PersonalAccessToken $tokenModel,
        User $user,
        string $deviceId,
    ): array {
        return DB::transaction(function () use (
            $tokenModel,
            $user,
            $deviceId,
        ): array {
            $tokenModel->update(["expires_at" => Carbon::now()]);

            $accessToken = $user->createAccessToken($deviceId);
            $refreshToken = $user->createRefreshToken($deviceId);

            return [
                "access_token" => $accessToken,
                "refresh_token" => $refreshToken,
            ];
        });
    }
}