import { Router } from 'express'
import { config } from '../config.js'
import {
  getCustomerByAppwriteUserId,
  getPortalAccessByCustomerId,
  updateDocument,
} from '../services/appwriteAdmin.js'
import { loginWithAppwrite } from '../services/appwriteClient.js'
import {
  clearPortalSession,
  requireSession,
  setPortalSession,
} from '../middleware/session.js'

const router = Router()

function sanitizeCustomer(customer) {
  return {
    id: customer.$id,
    code: customer.code || '',
    name: customer.name || '',
    companyName: customer.companyName || '',
    email: customer.email || '',
    phone: customer.phone || '',
    location: customer.location || '',
    customerStatus: customer.customerStatus || '',
    portalAccessEnabled: Boolean(customer.portalAccessEnabled),
  }
}

async function validatePortalAccess(appwriteUserId) {
  const customer = await getCustomerByAppwriteUserId(appwriteUserId)
  if (!customer) {
    const error = new Error('Kein Kundenkonto für diesen Login gefunden.')
    error.status = 403
    throw error
  }

  if (!customer.portalAccessEnabled) {
    const error = new Error('Portalzugang ist nicht freigeschaltet.')
    error.status = 403
    throw error
  }

  const portalAccess = await getPortalAccessByCustomerId(customer.$id)
  if (!portalAccess || !portalAccess.enabled) {
    const error = new Error('Portalzugang ist deaktiviert.')
    error.status = 403
    throw error
  }

  const status = (customer.customerStatus || '').toLowerCase()
  if (!config.allowedCustomerStatuses.includes(status)) {
    const error = new Error('Kundenkonto ist nicht aktiv.')
    error.status = 403
    throw error
  }

  return { customer, portalAccess }
}

router.post('/login', async (req, res) => {
  const { email, password } = req.body || {}
  if (!email || !password) {
    return res.status(400).json({ error: 'E-Mail und Passwort erforderlich' })
  }

  try {
    const user = await loginWithAppwrite(email.trim(), password)
    const { customer, portalAccess } = await validatePortalAccess(user.$id)

    setPortalSession(res, {
      customerId: customer.$id,
      appwriteUserId: user.$id,
      name: customer.name || user.name || '',
      email: customer.email || user.email || email,
    })

    try {
      await updateDocument(config.collections.customerPortalAccess, portalAccess.$id, {
        lastLoginAt: new Date().toISOString(),
      })
    } catch (err) {
      console.warn('[auth] lastLoginAt update failed:', err.message)
    }

    return res.json({ success: true, customer: sanitizeCustomer(customer) })
  } catch (err) {
    const status = err.status || 500
    return res.status(status).json({ error: err.message || 'Anmeldung fehlgeschlagen' })
  }
})

router.post('/logout', (_req, res) => {
  clearPortalSession(res)
  res.json({ success: true })
})

router.get('/me', requireSession, async (req, res) => {
  try {
    const customer = await getCustomerByAppwriteUserId(req.session.appwriteUserId)
    if (!customer) {
      clearPortalSession(res)
      return res.status(403).json({ error: 'Kundenkonto nicht gefunden' })
    }
    return res.json({ customer: sanitizeCustomer(customer) })
  } catch (err) {
    return res.status(500).json({ error: err.message || 'Fehler beim Laden' })
  }
})

export default router