<?php

namespace App\Http\Controllers;

use App\Models\AuditLog;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;

class AuditLogController extends Controller
{
    public function index(Request $request): JsonResponse
    {
        $user = $request->user();
        if (!$user) {
            return response()->json(['message' => 'Unauthorized.'], 401);
        }

        $isAdmin = $user->roles()->where('name', 'ROLE_ADMIN')->exists();
        if (!$isAdmin) {
            return response()->json(['message' => 'Not authorized.'], 403);
        }

        $limit = (int) $request->query('limit', 200);
        $limit = max(1, min(500, $limit));

        $logs = AuditLog::query()
            ->with(['user.roles'])
            ->latest('created_at')
            ->limit($limit)
            ->get()
            ->map(fn (AuditLog $log) => $this->serializeLog($log));

        return response()->json($logs);
    }

    private function serializeLog(AuditLog $log): array
    {
        return [
            'id' => $log->id,
            'action' => $log->action,
            'subject_type' => $log->subject_type,
            'subject_id' => $log->subject_id,
            'metadata' => $log->metadata,
            'ip_address' => $log->ip_address,
            'user_agent' => $log->user_agent,
            'created_at' => $log->created_at?->toIso8601String(),
            'user' => $log->user ? [
                'id' => $log->user->id,
                'name' => $log->user->name,
                'email' => $log->user->email,
                'roles' => $log->user->roles?->pluck('name')->values(),
            ] : null,
        ];
    }
}