<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\Rules\Password;
use App\Http\Controllers\Api\BaseController as BaseController;
use Illuminate\Validation\ValidationException;

class AuthController extends BaseController
{
    public function register(Request $request): JsonResponse
    {
        try {
            $data = $request->validate([
                'name' => ['required', 'string', 'max:255'],
                'email' => ['required', 'string', 'email', 'max:255', 'unique:users,email'],
                'roles' => ['nullable', 'array'],
                'roles.*' => ['string', 'max:100'],
                'permissions' => ['nullable', 'array'],
                'permissions.*' => ['string', 'max:150'],
                'password' => ['required', Password::min(8)],

            ]);

            $user = User::create([
                'name' => $data['name'],
                'email' => $data['email'],
                'password' => $data['password'], // hashed via User model cast
            ]);

            if (! empty($data['roles'])) {
                $user->syncRoles($data['roles']);
            }

            if (! empty($data['permissions'])) {
                $user->syncPermissions($data['permissions']);
            }

            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
                'user' => $user->load('roles', 'permissions'),
                'token' => $token,
            ], 'User registered successfully.');

        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Registration failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function login(Request $request): JsonResponse
    {
        try {
            $credentials = $request->validate([
                'email' => ['required', 'email'],
                'password' => ['required', 'string'],
            ]);

            /** @var User|null $user */
            $user = User::where('email', $credentials['email'])->first();

            if (! $user || ! Hash::check($credentials['password'], $user->password)) {
                return $this->sendError('Invalid credentials.', ['email' => ['The provided credentials are incorrect.']], 401);
            }

            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
                'user' => $user,
                'token' => $token,
            ], 'Login successful.');

        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Login failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function checkEmail(Request $request): JsonResponse
    {
        try {
            $data = $request->validate([
                'email' => ['required', 'email'],
            ]);

            $user = User::where('email', $data['email'])->first();

            if (! $user) {
                return $this->sendError('Utilisateur introuvable.', [
                    'email' => ['Aucun utilisateur ne correspond a cet email.'],
                ], 404);
            }

            return $this->sendResponse([
                'user' => [
                    'id' => $user->id,
                    'name' => $user->name,
                    'email' => $user->email,
                ],
                'has_password' => ! empty($user->getRawOriginal('password')),
            ], 'Email verifie avec succes.');
        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Email check failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function createPasswordAndLogin(Request $request): JsonResponse
    {
        try {
            $data = $request->validate([
                'email' => ['required', 'email'],
                'password' => ['required', 'confirmed', Password::min(8)],
            ]);

            /** @var User|null $user */
            $user = User::where('email', $data['email'])->first();

            if (! $user) {
                return $this->sendError('Utilisateur introuvable.', [
                    'email' => ['Aucun utilisateur ne correspond a cet email.'],
                ], 404);
            }

            if (! empty($user->getRawOriginal('password'))) {
                return $this->sendError('Mot de passe deja defini.', [
                    'password' => ['Cet utilisateur a deja un mot de passe.'],
                ], 422);
            }

            $user->password = $data['password'];
            $user->save();

            $token = $user->createToken('api')->plainTextToken;

            return $this->sendResponse([
                'user' => $user,
                'token' => $token,
            ], 'Mot de passe cree et connexion reussie.');
        } catch (ValidationException $e) {
            return $this->sendError('Validation Error.', $e->errors(), 422);
        } catch (\Exception $e) {
            return $this->sendError('Password creation failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function me(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            return $this->sendResponse($user->load('roles', 'permissions'), 'User retrieved successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Failed to retrieve user.', ['error' => $e->getMessage()], 500);
        }
    }

    public function logout(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            if ($user->currentAccessToken()) {
                $user->currentAccessToken()->delete();
            }

            return $this->sendResponse([], 'Logged out successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Logout failed.', ['error' => $e->getMessage()], 500);
        }
    }

    public function logoutAll(Request $request): JsonResponse
    {
        try {
            $user = $request->user();

            if (!$user) {
                return $this->sendError('Unauthenticated.', [], 401);
            }

            $user->tokens()->delete();

            return $this->sendResponse([], 'Logged out from all devices successfully.');

        } catch (\Exception $e) {
            return $this->sendError('Logout failed.', ['error' => $e->getMessage()], 500);
        }
    }
}