<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;
use App\Http\Controllers\Api\BaseController as BaseController;
use Illuminate\Validation\ValidationException;

class AuthController extends BaseController
{
    public function register(Request $request): JsonResponse
    {
        try {
            $data = $request->validate([
                'name' => ['required', 'string', 'max:255'],
                'email' => ['required', 'string', 'email', 'max:255', 'unique:users,email'],
                'password' => ['required', Password::min(8)],

            ]);

            $user = User::create([
                'name' => $data['name'],
                'email' => $data['email'],
                'password' => $data['password'], // hashed via User model cast
            ]);

            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
                'user' => $user,
                'token' => $token,
            ], 'User registered successfully.');

        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Registration failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function login(Request $request): JsonResponse
    {
        try {
            $credentials = $request->validate([
                'email' => ['required', 'email'],
                'password' => ['required', 'string'],
            ]);

            /** @var User|null $user */
            $user = User::where('email', $credentials['email'])->first();

            if (! $user || ! Hash::check($credentials['password'], $user->password)) {
                return $this->sendError('Invalid credentials.', ['email' => ['The provided credentials are incorrect.']], 401);
            }

            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
                'user' => $user,
                'token' => $token,
            ], 'Login successful.');

        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Login failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function me(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            return $this->sendResponse($user, 'User retrieved successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Failed to retrieve user.', ['error' => $e->getMessage()], 500);
        }
    }

    public function logout(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            if ($user->currentAccessToken()) {
                $user->currentAccessToken()->delete();
            }

            return $this->sendResponse([], 'Logged out successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Logout failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function logoutAll(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            $user->tokens()->delete();

            return $this->sendResponse([], 'Logged out from all devices successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Logout failed.', ['error' => $e->getMessage()], 500);
        }
    }
}