const AuthService = require('../services/auth.service');
const { registerSchema, loginSchema } = require('../validate/auth.schema');
const { setResponse, checkValidate } = require('../helpers/utils');
const { createCaptcha } = require('../utils/captcha');

class AuthController {
  // Register
  static async register(req, res) {
    const { error, value } = await checkValidate(registerSchema, req);

    if (error) {
      return res.status(400).json(setResponse(error, 'Validation failed', 400));
    }

    if (value.phone && value.phone.startsWith('0')) {
      value.phone = '+62' + value.phone.slice(1);
    }

    const { user, tokens } = await AuthService.register(value);

    // Set refresh token di cookie
    res.cookie('refreshToken', tokens.refreshToken, {
      httpOnly: true,
      secure: false, // masih dev
      sameSite: 'lax',
      maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
    });

    const response = await setResponse(
      {
        user: { ...user, approved: false },
        accessToken: tokens.accessToken
      },
      'User registered successfully. Waiting for admin approval.',
      201
    );

    return res.status(response.statusCode).json(response);
  }

  // Login
  static async login(req, res) {
    const { error, value } = await checkValidate(loginSchema, req);

    if (error) {
      return res.status(400).json(setResponse(error, 'Validation failed', 400));
    }

    const { identifier, password, captcha, captchaText } = value;

    if (!captcha || captcha.toLowerCase() !== captchaText.toLowerCase()) {
      return res.status(400).json(setResponse([], 'Invalid captcha', 400));
    }

    const { user, tokens } = await AuthService.login({ identifier, password });

    // Set refresh token di cookie
    res.cookie('refreshToken', tokens.refreshToken, {
      httpOnly: true,
      secure: false, // masih dev
      sameSite: 'lax',
      maxAge: 7 * 24 * 60 * 60 * 1000 // 7 hari
    });

    const response = await setResponse(
      {
        user: { ...user, approved: true },
        accessToken: tokens.accessToken
      },
      'Login successful',
      200
    );

    return res.status(response.statusCode).json(response);
  }

  // Refresh Token
  static async refreshToken(req, res) {
    const refreshToken = req.cookies?.refreshToken;

    if (!refreshToken) {
      return res.status(401).json(setResponse(null, 'Refresh token is required', 401));
    }

    const result = await AuthService.refreshToken(refreshToken);
    const response = await setResponse(result, 'Token refreshed successfully', 200);

    return res.status(response.statusCode).json(response);
  }

  // Logout
  static async logout(req, res) {
    res.clearCookie('refreshToken', {
      httpOnly: true,
      sameSite: 'none',
      secure: true
    });

    const response = await setResponse(null, 'Logged out successfully', 200);
    return res.status(response.statusCode).json(response);
  }

  // Captcha
  static async generateCaptcha(req, res) {
    const { svg, text } = createCaptcha();

    // munculkan di header untuk keperluan dev
    res.setHeader('X-Captcha-Text', text);

    const response = await setResponse({ svg, text }, 'Captcha generated', 200);
    return res.status(response.statusCode).json(response);
  }
}

module.exports = AuthController;