package api

import (
	"net/http"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware"

	"github.com/jacek/pamietnik/backend/internal/auth"
	"github.com/jacek/pamietnik/backend/internal/db"
)

func NewRouter(
	authStore *auth.Store,
	tpStore *db.TrackpointStore,
	stopStore *db.StopStore,
	suggStore *db.SuggestionStore,
	journalStore *db.JournalStore,
	userStore *db.UserStore,
	uploadDir string,
) http.Handler {
	r := chi.NewRouter()
	r.Use(middleware.RealIP)
	r.Use(middleware.Logger)
	r.Use(middleware.Recoverer)

	webUI := NewWebUI(authStore, tpStore, stopStore, journalStore, userStore)
	journalHandler := NewJournalHandler(journalStore, uploadDir)
	authMW := RequireAuth(authStore)

	// Health
	r.Get("/healthz", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok"))
	})
	r.Get("/readyz", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("ok"))
	})

	// Ingest (session auth; Android API-Key auth TBD)
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Post("/v1/trackpoints", HandleSingleTrackpoint(tpStore))
		r.Post("/v1/trackpoints:batch", HandleBatchTrackpoints(tpStore))
	})

	// Query API (session auth)
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Get("/v1/days", HandleListDays(tpStore))
		r.Get("/v1/trackpoints", HandleListTrackpoints(tpStore))
		r.Get("/v1/stops", HandleListStops(stopStore))
		r.Get("/v1/suggestions", HandleListSuggestions(suggStore))
	})

	// Static assets (CSS etc.)
	r.Handle("/static/*", http.StripPrefix("/static/", http.FileServer(http.FS(staticFS()))))

	// Public routes (no auth required)
	r.Get("/", webUI.HandleFeed)
	r.Get("/feed", webUI.HandleFeedFragment)
	r.Get("/register", webUI.HandleGetRegister)
	r.Post("/register", webUI.HandlePostRegister)
	r.Get("/login", webUI.HandleGetLogin)
	r.Post("/login", webUI.HandlePostLogin)
	r.Post("/logout", webUI.HandleLogout)

	// Authenticated web routes
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Get("/days", webUI.HandleDaysList)
		r.Get("/days/redirect", webUI.HandleDaysRedirect)
		r.Get("/days/{date}", webUI.HandleDayDetail)
		r.Post("/entries", journalHandler.HandleCreateEntry)
	})

	// Admin routes
	r.Group(func(r chi.Router) {
		r.Use(authMW)
		r.Use(requireAdmin)
		r.Get("/admin", func(w http.ResponseWriter, r *http.Request) {
			http.Redirect(w, r, "/admin/entries", http.StatusSeeOther)
		})
		r.Get("/admin/entries", webUI.HandleAdminEntries)
		r.Get("/admin/users", webUI.HandleAdminUsers)
		r.Post("/admin/users", webUI.HandleAdminCreateUser)
		r.Delete("/admin/users/{id}", webUI.HandleAdminDeleteUser)
	})

	// Serve uploaded images
	r.Handle("/uploads/*", http.StripPrefix("/uploads/", http.FileServer(http.Dir(uploadDir))))

	// SPA (Vite webapp) — served under /app/*
	spaPrefix := "/app"
	r.Handle(spaPrefix, http.RedirectHandler(spaPrefix+"/", http.StatusMovedPermanently))
	r.Handle(spaPrefix+"/*", http.StripPrefix(spaPrefix, SPAHandler(spaPrefix)))

	return r
}