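// Package app wires the core API's HTTP routes and the JWT bearer-token
// middleware that guards the authenticated ones.
package app

import (
	"fmt"
	"net/http"
	"strings"

	"git.linuxforward.com/byom/byom-core/handlers"
	"git.linuxforward.com/byom/byom-core/jwtutils"
	"github.com/gin-gonic/gin"
)

const (
	// claimsContextKey is the gin context key under which authMiddleware
	// stores the validated claims. Handlers that read the claims must use
	// this same literal ("claims"); the key is defined here, not in jwtutils.
	claimsContextKey = "claims"

	// bearerScheme is the only HTTP authentication scheme authMiddleware
	// accepts (RFC 6750). The scheme name is matched case-insensitively.
	bearerScheme = "Bearer"
)

// addRoutes registers every route of the core API under /api/v1/core.
//
// Routes registered directly on coreRtr are reachable without a token: the
// health check, login, and the workspace-owner / invitation bootstrap flows.
// Everything registered on the auth group runs behind authMiddleware and so
// requires a valid bearer token.
func addRoutes(
	rtr *gin.Engine,
	jwtSvc *jwtutils.Service,
	userHandler *handlers.UserHandler,
	workspaceHandler *handlers.WorkspaceHandler,
	profileHandler *handlers.ProfileHandler,
) {
	// Group routes behind /api/v1/core.
	coreRtr := rtr.Group("/api/v1/core")

	// Health check (unauthenticated by design).
	coreRtr.GET("/health", func(c *gin.Context) {
		c.JSON(http.StatusOK, gin.H{"status": "ok"})
	})

	// Auth routes.
	coreRtr.POST("/auth/login", userHandler.Login)

	// User init routes. These run before the caller holds a token, so they
	// are deliberately outside the auth group; any bootstrap or invitation
	// guard therefore has to live inside the handlers themselves.
	// NOTE(review): confirm that CreateWorkspaceOwner and CreateInvitedUser
	// enforce such a guard — it is not visible from this file.
	coreRtr.POST("/workspaces/owner", userHandler.InitWorkspaceOwner)
	coreRtr.PUT("/workspaces/owner", userHandler.CreateWorkspaceOwner)
	coreRtr.POST("/workspaces/invite", userHandler.CreateInvitedUser)
	coreRtr.GET("/workspaces/invite/validate", userHandler.ValidateInvitedUser)

	// Logged-in user routes.
	auth := coreRtr.Group("/")
	auth.Use(authMiddleware(jwtSvc))

	// User management.
	auth.POST("/users/invite", userHandler.InviteUser)
	// Add user to workspace.
	auth.POST("/users/workspaces", userHandler.AddUserToWorkspace)
	// auth.GET("/users/invitations", userHandler.ListInvitations)
	// auth.DELETE("/users/invitations/:id", userHandler.CancelInvitation)

	// Workspace management.
	auth.POST("/workspaces", workspaceHandler.CreateWorkspace)

	// Profile management.
	auth.GET("/profiles", profileHandler.GetProfiles)
	auth.POST("/profiles", profileHandler.CreateProfile)
	auth.GET("/profiles/:id", profileHandler.GetProfile)
	auth.PUT("/profiles/:id", profileHandler.UpdateProfile)
	auth.DELETE("/profiles/:id", profileHandler.DeleteProfile)
	// NOTE(review): this static path overlaps the /profiles/:id parameter
	// route above. Recent gin versions resolve the overlap in favour of the
	// static route; older ones panic at registration — confirm against the
	// pinned gin version.
	auth.GET("/profiles/workspaces", profileHandler.GetProfilesByWorkspace)

	// User profile.
	auth.GET("/users/me", userHandler.GetCurrentUser)
	auth.PUT("/users/me", userHandler.UpdateCurrentUser)
}

// authMiddleware returns a gin middleware that requires a valid JWT sent as
// "Authorization: Bearer <token>".
//
// On success the claims returned by jwtSvc.ValidateToken are stored in the
// context under claimsContextKey and the chain continues. On a missing or
// malformed header, a scheme other than Bearer, an empty token, or a token
// that fails validation, the request is aborted with 401, a JSON error body
// and a WWW-Authenticate challenge (RFC 6750 §3), so every rejection path
// looks the same to clients.
func authMiddleware(jwtSvc *jwtutils.Service) gin.HandlerFunc {
	return func(c *gin.Context) {
		token, ok := bearerToken(c.GetHeader("Authorization"))
		if !ok {
			fmt.Println("authMiddleware: missing or malformed Authorization header")
			unauthorized(c, "Missing or malformed Authorization header")
			return
		}

		// The token is already trimmed; validation is left entirely to jwtSvc.
		claims, err := jwtSvc.ValidateToken(token)
		if err != nil {
			// Validation errors are diagnostic only; the client gets a
			// generic message so the failure reason is not disclosed.
			fmt.Printf("authMiddleware: token validation failed: %v\n", err)
			unauthorized(c, "Invalid token")
			return
		}

		// Expose the claims (whatever type ValidateToken returns) to
		// downstream handlers under the shared key.
		c.Set(claimsContextKey, claims)
		c.Next()
	}
}

// bearerToken extracts the credential from an Authorization header value.
// It reports false when the header is empty, has no "<scheme> <credential>"
// shape, uses a scheme other than Bearer, or carries an empty credential.
func bearerToken(header string) (string, bool) {
	parts := strings.SplitN(header, " ", 2)
	if len(parts) != 2 || !strings.EqualFold(parts[0], bearerScheme) {
		return "", false
	}
	token := strings.TrimSpace(parts[1])
	if token == "" {
		return "", false
	}
	return token, true
}

// unauthorized aborts the request with 401, a Bearer challenge header and a
// JSON error body carrying msg.
func unauthorized(c *gin.Context, msg string) {
	c.Header("WWW-Authenticate", bearerScheme)
	c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": msg})
}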