package api

import (
	"net/http"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware"

	"github.com/jacek/pamietnik/backend/internal/auth"
	"github.com/jacek/pamietnik/backend/internal/db"
)

func NewRouter(
	authStore *auth.Store,
	tpStore *db.TrackpointStore,
	stopStore *db.StopStore,
	suggStore *db.SuggestionStore,
	journalStore *db.JournalStore,
	uploadDir string,
) http.Handler {
	r := chi.NewRouter()
	r.Use(middleware.RealIP)
	r.Use(middleware.Logger)
	r.Use(middleware.Recoverer)

	webUI := NewWebUI(authStore, tpStore, stopStore, journalStore)
	journalHandler := NewJournalHandler(journalStore, uploadDir)
	authMW := RequireAuth(authStore)
	webAuthMW := requireWebAuth(authStore)

	// Health
	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok"))
	})
	r.Get("/readyz", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok"))
	})

	// Ingest (session auth; Android API-Key auth TBD)
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Post("/v1/trackpoints", HandleSingleTrackpoint(tpStore))
		r.Post("/v1/trackpoints:batch", HandleBatchTrackpoints(tpStore))
	})

	// Query API (session auth)
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Get("/v1/days", HandleListDays(tpStore))
		r.Get("/v1/trackpoints", HandleListTrackpoints(tpStore))
		r.Get("/v1/stops", HandleListStops(stopStore))
		r.Get("/v1/suggestions", HandleListSuggestions(suggStore))
	})

	// Static assets (CSS etc.)
	r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS()))))

	// Web UI
	r.Get("/login", webUI.HandleGetLogin)
	r.Post("/login", webUI.HandlePostLogin)
	r.Post("/logout", webUI.HandleLogout)

	r.Group(func(r chi.Router) {
		r.Use(webAuthMW)
		r.Get("/days", webUI.HandleDaysList)
		r.Get("/days/redirect", webUI.HandleDaysRedirect)
		r.Get("/days/{date}", webUI.HandleDayDetail)
		r.Post("/entries", journalHandler.HandleCreateEntry)
	})

	// Serve uploaded images
	r.Handle("/uploads/*", http.StripPrefix("/uploads/", http.FileServer(http.Dir(uploadDir))))

	// SPA (Vite webapp) — served under /app/*
	spaPrefix := "/app"
	r.Handle(spaPrefix, http.RedirectHandler(spaPrefix+"/", http.StatusMovedPermanently))
	r.Handle(spaPrefix+"/*", http.StripPrefix(spaPrefix, SPAHandler(spaPrefix)))

	// Redirect root to Go Web UI /days
	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/days", http.StatusSeeOther)
	})

	return r
}

// requireWebAuth redirects to /login for unauthenticated web users (HTML response).
func requireWebAuth(authStore *auth.Store) func(http.Handler) http.Handler {
	return func(next http.Handler) http.Handler {
		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
			cookie, err := r.Cookie(sessionCookieName)
			if err != nil {
				http.Redirect(w, r, "/login", http.StatusSeeOther)
				return
			}
			sess, err := authStore.GetSession(r.Context(), cookie.Value)
			if err != nil {
				http.Redirect(w, r, "/login", http.StatusSeeOther)
				return
			}
			ctx := r.Context()
			ctx = contextWithUserID(ctx, sess.UserID)
			next.ServeHTTP(w, r.WithContext(ctx))
		})
	}
}