package httpserver

import (
	"net/http"

	"github.com/go-chi/chi/v5"

	"nexavpn/backend/internal/apiutil"
	"nexavpn/backend/internal/auth"
	"nexavpn/backend/internal/audit"
	"nexavpn/backend/internal/device"
	"nexavpn/backend/internal/gateway"
	"nexavpn/backend/internal/policy"
	"nexavpn/backend/internal/user"
)

type Handlers struct {
	Auth    *auth.Handler
	User    *user.Handler
	Device  *device.Handler
	Policy  *policy.Handler
	Gateway *gateway.Handler
	Audit   *audit.Handler
}

func NewRouter(jwtSecret string, handlers Handlers) http.Handler {
	r := chi.NewRouter()
	r.Use(BaseMiddleware)

	r.Get("/healthz", func(w http.ResponseWriter, _ *http.Request) {
		apiutil.JSON(w, http.StatusOK, map[string]string{"status": "ok"})
	})

	r.Route("/api/v1", func(r chi.Router) {
		r.Get("/auth/bootstrap/status", handlers.Auth.BootstrapStatus)
		r.Post("/auth/bootstrap", handlers.Auth.Bootstrap)
		r.Post("/auth/login", handlers.Auth.Login)
		r.Post("/auth/refresh", handlers.Auth.Refresh)
		r.Post("/auth/logout", handlers.Auth.Logout)
		r.Post("/gateway-agent/bootstrap", handlers.Gateway.Bootstrap)
		r.Get("/gateway-agent/{id}/sync", handlers.Gateway.AgentSyncBundle)

		r.Group(func(r chi.Router) {
			r.Use(AuthMiddleware(jwtSecret))
			r.Get("/auth/me", handlers.Auth.Me)
			r.Post("/devices/enroll", handlers.Device.Enroll)
			r.Get("/me/devices", handlers.Device.ListOwn)
			r.Get("/me/profile", handlers.Device.GetOwnProfile)
			r.Get("/connection/status", handlers.Device.ConnectionStatus)

			r.Route("/admin", func(r chi.Router) {
				r.Use(AdminOnly)
				r.Get("/users", handlers.User.List)
				r.Post("/users", handlers.User.Create)
				r.Post("/users/{id}/disable", handlers.User.Disable)
				r.Post("/users/{id}/enable", handlers.User.Enable)
				r.Get("/devices", handlers.Device.ListAll)
				r.Get("/devices/{id}/profile", handlers.Device.GetProfileByDeviceID)
				r.Post("/devices/{id}/revoke", handlers.Device.Revoke)
				r.Post("/devices/{id}/rotate", handlers.Device.Rotate)
				r.Get("/policies", handlers.Policy.List)
				r.Post("/policies", handlers.Policy.Create)
				r.Get("/gateways", handlers.Gateway.List)
				r.Get("/gateways/{id}/sync", handlers.Gateway.SyncBundle)
				r.Patch("/gateways/{id}", handlers.Gateway.Update)
				r.Get("/audit-logs", handlers.Audit.List)
			})
		})
	})

	return r
}