package httpapi

import (
	"encoding/json"
	"net/http"
	"strings"

	"github.com/easyai/easyai-ai-gateway/apps/api/internal/store"
)

func (s *Server) createTenant(w http.ResponseWriter, r *http.Request) {
	var input store.GatewayTenantInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validTenantInput(input) {
		writeError(w, http.StatusBadRequest, "tenantKey and name are required")
		return
	}
	item, err := s.store.CreateTenant(r.Context(), input)
	if err != nil {
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "tenant key or external tenant id already exists")
			return
		}
		s.logger.Error("create tenant failed", "error", err)
		writeError(w, http.StatusInternalServerError, "create tenant failed")
		return
	}
	writeJSON(w, http.StatusCreated, item)
}

func (s *Server) updateTenant(w http.ResponseWriter, r *http.Request) {
	var input store.GatewayTenantInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validTenantInput(input) {
		writeError(w, http.StatusBadRequest, "tenantKey and name are required")
		return
	}
	item, err := s.store.UpdateTenant(r.Context(), r.PathValue("tenantID"), input)
	if err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "tenant not found")
			return
		}
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "tenant key or external tenant id already exists")
			return
		}
		s.logger.Error("update tenant failed", "error", err)
		writeError(w, http.StatusInternalServerError, "update tenant failed")
		return
	}
	writeJSON(w, http.StatusOK, item)
}

func (s *Server) deleteTenant(w http.ResponseWriter, r *http.Request) {
	if err := s.store.DeleteTenant(r.Context(), r.PathValue("tenantID")); err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "tenant not found")
			return
		}
		s.logger.Error("delete tenant failed", "error", err)
		writeError(w, http.StatusInternalServerError, "delete tenant failed")
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

func (s *Server) createGatewayUser(w http.ResponseWriter, r *http.Request) {
	var input store.GatewayUserInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validGatewayUserInput(input) {
		writeError(w, http.StatusBadRequest, "username is required")
		return
	}
	if !validOptionalPassword(input.Password) {
		writeError(w, http.StatusBadRequest, store.ErrWeakPassword.Error())
		return
	}
	item, err := s.store.CreateGatewayUser(r.Context(), input)
	if err != nil {
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "user key, email or external user id already exists")
			return
		}
		s.logger.Error("create gateway user failed", "error", err)
		writeError(w, http.StatusInternalServerError, "create gateway user failed")
		return
	}
	writeJSON(w, http.StatusCreated, item)
}

func (s *Server) updateGatewayUser(w http.ResponseWriter, r *http.Request) {
	var input store.GatewayUserInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validGatewayUserInput(input) {
		writeError(w, http.StatusBadRequest, "username is required")
		return
	}
	if !validOptionalPassword(input.Password) {
		writeError(w, http.StatusBadRequest, store.ErrWeakPassword.Error())
		return
	}
	item, err := s.store.UpdateGatewayUser(r.Context(), r.PathValue("userID"), input)
	if err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "user not found")
			return
		}
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "user key, email or external user id already exists")
			return
		}
		s.logger.Error("update gateway user failed", "error", err)
		writeError(w, http.StatusInternalServerError, "update gateway user failed")
		return
	}
	writeJSON(w, http.StatusOK, item)
}

func (s *Server) deleteGatewayUser(w http.ResponseWriter, r *http.Request) {
	if err := s.store.DeleteGatewayUser(r.Context(), r.PathValue("userID")); err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "user not found")
			return
		}
		s.logger.Error("delete gateway user failed", "error", err)
		writeError(w, http.StatusInternalServerError, "delete gateway user failed")
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

func (s *Server) createUserGroup(w http.ResponseWriter, r *http.Request) {
	var input store.UserGroupInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validUserGroupInput(input) {
		writeError(w, http.StatusBadRequest, "groupKey and name are required")
		return
	}
	item, err := s.store.CreateUserGroup(r.Context(), input)
	if err != nil {
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "user group key already exists")
			return
		}
		s.logger.Error("create user group failed", "error", err)
		writeError(w, http.StatusInternalServerError, "create user group failed")
		return
	}
	writeJSON(w, http.StatusCreated, item)
}

func (s *Server) updateUserGroup(w http.ResponseWriter, r *http.Request) {
	var input store.UserGroupInput
	if err := json.NewDecoder(r.Body).Decode(&input); err != nil {
		writeError(w, http.StatusBadRequest, "invalid json body")
		return
	}
	if !validUserGroupInput(input) {
		writeError(w, http.StatusBadRequest, "groupKey and name are required")
		return
	}
	item, err := s.store.UpdateUserGroup(r.Context(), r.PathValue("groupID"), input)
	if err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "user group not found")
			return
		}
		if store.IsUniqueViolation(err) {
			writeError(w, http.StatusConflict, "user group key already exists")
			return
		}
		s.logger.Error("update user group failed", "error", err)
		writeError(w, http.StatusInternalServerError, "update user group failed")
		return
	}
	writeJSON(w, http.StatusOK, item)
}

func (s *Server) deleteUserGroup(w http.ResponseWriter, r *http.Request) {
	if err := s.store.DeleteUserGroup(r.Context(), r.PathValue("groupID")); err != nil {
		if store.IsNotFound(err) {
			writeError(w, http.StatusNotFound, "user group not found")
			return
		}
		s.logger.Error("delete user group failed", "error", err)
		writeError(w, http.StatusInternalServerError, "delete user group failed")
		return
	}
	w.WriteHeader(http.StatusNoContent)
}

func validTenantInput(input store.GatewayTenantInput) bool {
	return strings.TrimSpace(input.TenantKey) != "" && strings.TrimSpace(input.Name) != ""
}

func validGatewayUserInput(input store.GatewayUserInput) bool {
	return strings.TrimSpace(input.Username) != ""
}

func validOptionalPassword(password string) bool {
	password = strings.TrimSpace(password)
	return password == "" || len(password) >= 8
}

func validUserGroupInput(input store.UserGroupInput) bool {
	return strings.TrimSpace(input.GroupKey) != "" && strings.TrimSpace(input.Name) != ""
}