package handler

import (
	"net/http"

	"github.com/gin-gonic/gin"

	"github.com/dhao2001/mygo/internal/api"
	"github.com/dhao2001/mygo/internal/middleware"
	"github.com/dhao2001/mygo/internal/model"
	"github.com/dhao2001/mygo/internal/service"
)

// AccountHandler handles authenticated account endpoints.
type AccountHandler struct {
	authService *service.AuthService
}

// NewAccountHandler creates an AccountHandler.
func NewAccountHandler(authService *service.AuthService) *AccountHandler {
	return &AccountHandler{authService: authService}
}

type createPasskeyRequest struct {
	Label string `json:"label" binding:"required"`
}

// GetAccount handles GET /api/v1/account.
func (h *AccountHandler) GetAccount(c *gin.Context) {
	userID := middleware.GetUserID(c)
	if userID == "" {
		api.Error(c, http.StatusUnauthorized, "unauthorized")
		return
	}

	c.JSON(http.StatusOK, gin.H{"user_id": userID})
}

// ListPasskeys handles GET /api/v1/account/passkeys.
func (h *AccountHandler) ListPasskeys(c *gin.Context) {
	userID := middleware.GetUserID(c)
	if userID == "" {
		api.Error(c, http.StatusUnauthorized, "unauthorized")
		return
	}

	creds, err := h.authService.ListPasskeys(c.Request.Context(), userID)
	if err != nil {
		api.Error(c, http.StatusInternalServerError, err.Error())
		return
	}

	if creds == nil {
		creds = []model.Credential{}
	}

	c.JSON(http.StatusOK, creds)
}

// CreatePasskey handles POST /api/v1/account/passkeys.
func (h *AccountHandler) CreatePasskey(c *gin.Context) {
	userID := middleware.GetUserID(c)
	if userID == "" {
		api.Error(c, http.StatusUnauthorized, "unauthorized")
		return
	}

	var req createPasskeyRequest
	if err := c.ShouldBindJSON(&req); err != nil {
		api.Error(c, http.StatusBadRequest, "invalid request: "+err.Error())
		return
	}

	pk, err := h.authService.CreatePasskey(c.Request.Context(), userID, req.Label)
	if err != nil {
		api.Error(c, http.StatusInternalServerError, err.Error())
		return
	}

	c.JSON(http.StatusCreated, pk)
}

// RevokePasskey handles DELETE /api/v1/account/passkeys/:id.
func (h *AccountHandler) RevokePasskey(c *gin.Context) {
	userID := middleware.GetUserID(c)
	if userID == "" {
		api.Error(c, http.StatusUnauthorized, "unauthorized")
		return
	}

	passkeyID := c.Param("id")
	if passkeyID == "" {
		api.Error(c, http.StatusBadRequest, "missing passkey id")
		return
	}

	if err := h.authService.RevokePasskey(c.Request.Context(), userID, passkeyID); err != nil {
		if err == model.ErrForbidden {
			api.Error(c, http.StatusForbidden, err.Error())
			return
		}
		api.Error(c, http.StatusInternalServerError, err.Error())
		return
	}

	c.Status(http.StatusOK)
}