package admin

import (
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/mattnite/forgejo-tickets/internal/auth"
	"github.com/mattnite/forgejo-tickets/internal/config"
	"github.com/mattnite/forgejo-tickets/internal/email"
	"github.com/mattnite/forgejo-tickets/internal/forgejo"
	"github.com/mattnite/forgejo-tickets/internal/middleware"
	"github.com/mattnite/forgejo-tickets/internal/templates"
	"gorm.io/gorm"
)

type Dependencies struct {
	DB            *gorm.DB
	Renderer      *templates.Renderer
	Auth          *auth.Service
	SessionStore  *auth.PGStore
	EmailClient   *email.Client
	ForgejoClient *forgejo.Client
	Config        *config.Config
}

func NewRouter(deps Dependencies) *gin.Engine {
	r := gin.New()

	r.Use(middleware.RequestID)
	r.Use(middleware.Logging)
	r.Use(middleware.Recovery)
	r.Use(middleware.SecurityHeaders(strings.HasPrefix(deps.Config.BaseURL, "https")))

	tsAuth := &TailscaleAuth{allowedUsers: deps.Config.TailscaleAllowedUsers}
	r.Use(tsAuth.Middleware)

	csrfSecret := []byte(deps.Config.SessionSecret)
	isSecure := strings.HasPrefix(deps.Config.BaseURL, "https")
	csrfMiddleware := middleware.CSRF(csrfSecret, isSecure)

	csrf := r.Group("/")
	csrf.Use(csrfMiddleware)
	{
		dashboardHandler := &DashboardHandler{deps: deps}
		csrf.GET("/", dashboardHandler.Index)

		userHandler := &UserHandler{deps: deps}
		csrf.GET("/users", userHandler.List)
		csrf.GET("/users/pending", userHandler.PendingList)
		csrf.GET("/users/new", userHandler.NewForm)
		csrf.GET("/users/:id", userHandler.Detail)
		csrf.POST("/users", userHandler.Create)
		csrf.POST("/users/:id/approve", userHandler.Approve)
		csrf.POST("/users/:id/reject", userHandler.Reject)
		csrf.POST("/users/:id/repos", userHandler.UpdateRepos)

		ticketHandler := &TicketHandler{deps: deps}
		csrf.GET("/tickets", ticketHandler.List)
		csrf.GET("/tickets/:id", ticketHandler.Detail)
		csrf.POST("/tickets/:id/status", ticketHandler.UpdateStatus)

		repoHandler := &RepoHandler{deps: deps}
		csrf.GET("/repos", repoHandler.List)
		csrf.GET("/repos/new", repoHandler.NewForm)
		csrf.POST("/repos", repoHandler.Create)
		csrf.GET("/repos/:id/edit", repoHandler.EditForm)
		csrf.POST("/repos/:id", repoHandler.Update)
	}

	return r
}