<?php

namespace App\Http\Controllers;

use App\Actions\Fortify\CreateNewUser;
use App\Actions\Fortify\PasswordValidationRules;
use App\Models\User;
use Illuminate\Auth\Events\Verified;
use Illuminate\Auth\Events\PasswordReset;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

class AuthController extends Controller
{
    use PasswordValidationRules;

    public function register(Request $request, CreateNewUser $creator): JsonResponse
    {
        $input = [
            'name' => $request->input(key: 'name') ?? $request->input(key: 'username'),
            'email' => $request->input(key: 'email'),
            'password' => $request->input(key: 'password') ?? $request->input(key: 'plainPassword'),
            'password_confirmation' => $request->input(key: 'password_confirmation')
                                       ?? $request->input(key: 'plainPassword'),
        ];

        $user = $creator->create(input: $input);

        $user->sendEmailVerificationNotification();

        return response()->json(data: [
            'user_id' => $user->id,
            'email' => $user->email,
            'message' => 'Verification email sent.',
        ]);
    }

    public function login(Request $request): JsonResponse
    {
        $request->merge(input: [
            'login' => $request->input(key: 'login', default: $request->input(key: 'email')),
        ]);

        $request->validate(rules: [
            'login' => ['required', 'string'],
            'password' => ['required', 'string'],
        ]);

        $login = trim(string: (string) $request->input(key: 'login'));
        $loginNormalized = Str::lower(value: $login);
        $userQuery = User::query();

        if (filter_var(value: $login, filter: FILTER_VALIDATE_EMAIL)) {
            $userQuery->whereRaw(sql: 'lower(email) = ?', bindings: [$loginNormalized]);
        } else {
            $userQuery->where(column: 'name_canonical', operator: $loginNormalized);
        }

        $user = $userQuery->first();

        if (!$user || !Hash::check(value: $request->input(key: 'password'), hashedValue: $user->password)) {
            throw ValidationException::withMessages(messages: [
                'login' => ['Invalid credentials.'],
            ]);
        }

        if (!$user->hasVerifiedEmail()) {
            return response()->json(data  : [
                'message' => 'Email not verified.',
            ], status: 403);
        }

        $token = $user->createToken(name: 'api')->plainTextToken;

        return response()->json(data: [
            'token' => $token,
            'user_id' => $user->id,
            'email' => $user->email,
            'roles' => $user->roles()->pluck(column: 'name')->values(),
        ]);
    }

    public function verifyEmail(Request $request, string $id, string $hash): RedirectResponse
    {
        $user = User::findOrFail(id: $id);

        if (!hash_equals(known_string: $hash, user_string: sha1(string: $user->getEmailForVerification()))) {
            abort(code: 403);
        }

        if (!$user->hasVerifiedEmail()) {
            $user->markEmailAsVerified();
            event(new Verified(user: $user));
        }

        return redirect(to: '/login');
    }

    public function forgotPassword(Request $request): JsonResponse
    {
        $request->validate(rules: [
            'email' => ['required', 'email'],
        ]);

        $status = Password::sendResetLink(
            $request->only(keys: 'email')
        );

        if ($status !== Password::RESET_LINK_SENT) {
            throw ValidationException::withMessages(messages: [
                'email' => [__(key: $status)],
            ]);
        }

        return response()->json(data: ['message' => __(key: $status)]);
    }

    public function resetPassword(Request $request): JsonResponse
    {
        $request->validate(rules: [
            'token' => ['required'],
            'email' => ['required', 'email'],
            'password' => $this->passwordRules(),
        ]);

        $status = Password::reset(
            $request->only('email', 'password', 'password_confirmation', 'token'),
            function (User $user, string $password) {
                $user->forceFill(attributes: [
                    'password' => Hash::make(value: $password),
                    'remember_token' => Str::random(length: 60),
                ])->save();

                event(new PasswordReset(user: $user));
            }
        );

        if ($status !== Password::PASSWORD_RESET) {
            throw ValidationException::withMessages(messages: [
                'email' => [__(key: $status)],
            ]);
        }

        return response()->json(data: ['message' => __(key: $status)]);
    }

    public function updatePassword(Request $request): JsonResponse
    {
        $request->validate(rules: [
            'current_password' => ['required'],
            'password' => $this->passwordRules(),
        ]);

        $user = $request->user();

        if (!$user || !Hash::check(value: $request->input(key: 'current_password'), hashedValue: $user->password)) {
            throw ValidationException::withMessages(messages: [
                'current_password' => ['Invalid current password.'],
            ]);
        }

        $user->forceFill(attributes: [
            'password' => Hash::make(value: $request->input(key: 'password')),
            'remember_token' => Str::random(length: 60),
        ])->save();

        return response()->json(data: ['message' => 'Password updated.']);
    }

    public function logout(Request $request): JsonResponse
    {
        $request->user()?->currentAccessToken()?->delete();

        return response()->json(data: null, status: 204);
    }
}