// SPDX-License-Identifier: AGPL-3.0-or-later

package handler

import (
	"errors"
	"log/slog"
	"net/http"
	"strings"

	"kode.naiv.no/olemd/favoritter/internal/image"
	"kode.naiv.no/olemd/favoritter/internal/middleware"
	"kode.naiv.no/olemd/favoritter/internal/model"
	"kode.naiv.no/olemd/favoritter/internal/render"
	"kode.naiv.no/olemd/favoritter/internal/store"
)

// handlePublicProfile shows a user's public profile and their public faves.
func (h *Handler) handlePublicProfile(w http.ResponseWriter, r *http.Request) {
	username := r.PathValue("username")

	profileUser, err := h.deps.Users.GetByUsername(username)
	if err != nil {
		if errors.Is(err, store.ErrUserNotFound) {
			http.NotFound(w, r)
			return
		}
		slog.Error("get user error", "error", err)
		http.Error(w, "Internal error", http.StatusInternalServerError)
		return
	}

	if profileUser.Disabled {
		http.NotFound(w, r)
		return
	}

	// Check if the viewing user is the profile owner.
	viewer := middleware.UserFromContext(r.Context())
	isOwner := viewer != nil && viewer.ID == profileUser.ID

	page := queryInt(r, "page", 1)
	offset := (page - 1) * defaultPageSize

	var faves []*model.Fave
	var total int

	if isOwner {
		faves, total, err = h.deps.Faves.ListByUser(profileUser.ID, defaultPageSize, offset)
	} else {
		faves, total, err = h.deps.Faves.ListPublicByUser(profileUser.ID, defaultPageSize, offset)
	}
	if err != nil {
		slog.Error("list faves error", "error", err)
		http.Error(w, "Internal error", http.StatusInternalServerError)
		return
	}

	if err := h.deps.Faves.LoadTags(faves); err != nil {
		slog.Error("load tags error", "error", err)
	}

	totalPages := (total + defaultPageSize - 1) / defaultPageSize

	h.deps.Renderer.Page(w, r, "profile", render.PageData{
		Title: profileUser.DisplayNameOrUsername() + " sine favoritter",
		Data: map[string]any{
			"ProfileUser": profileUser,
			"IsOwner":     isOwner,
			"IsLimited":   profileUser.ProfileVisibility == "limited" && !isOwner,
			"Faves":       faves,
			"Page":        page,
			"TotalPages":  totalPages,
			"Total":       total,
		},
	})
}

// handleSettingsGet shows the user settings page.
func (h *Handler) handleSettingsGet(w http.ResponseWriter, r *http.Request) {
	user := middleware.UserFromContext(r.Context())

	h.deps.Renderer.Page(w, r, "settings", render.PageData{
		Title: "Innstillinger",
		Data: map[string]any{
			"SettingsUser": user,
		},
	})
}

// handleSettingsPost processes the settings form.
func (h *Handler) handleSettingsPost(w http.ResponseWriter, r *http.Request) {
	user := middleware.UserFromContext(r.Context())

	if err := r.ParseForm(); err != nil {
		h.flash(w, r, "settings", "Ugyldig forespørsel.", "error", settingsData(user))
		return
	}

	displayName := strings.TrimSpace(r.FormValue("display_name"))
	bio := strings.TrimSpace(r.FormValue("bio"))
	profileVisibility := r.FormValue("profile_visibility")
	defaultFavePrivacy := r.FormValue("default_fave_privacy")

	if profileVisibility != "public" && profileVisibility != "limited" {
		profileVisibility = user.ProfileVisibility
	}
	if defaultFavePrivacy != "public" && defaultFavePrivacy != "private" {
		defaultFavePrivacy = user.DefaultFavePrivacy
	}

	if err := h.deps.Users.UpdateProfile(user.ID, displayName, bio, profileVisibility, defaultFavePrivacy); err != nil {
		slog.Error("update profile error", "error", err)
		h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
		return
	}

	h.flash(w, r, "settings", "Innstillingene er lagret.", "success", settingsData(user))
}

// handleSettingsPasswordPost handles password change from the settings page.
func (h *Handler) handleSettingsPasswordPost(w http.ResponseWriter, r *http.Request) {
	user := middleware.UserFromContext(r.Context())

	if err := r.ParseForm(); err != nil {
		h.flash(w, r, "settings", "Ugyldig forespørsel.", "error", settingsData(user))
		return
	}

	currentPassword := r.FormValue("current_password")
	newPassword := r.FormValue("new_password")
	confirmPassword := r.FormValue("confirm_password")

	// Verify current password.
	if _, err := h.deps.Users.Authenticate(user.Username, currentPassword); err != nil {
		h.flash(w, r, "settings", "Nåværende passord er feil.", "error", settingsData(user))
		return
	}

	if len(newPassword) < 8 {
		h.flash(w, r, "settings", "Nytt passord må være minst 8 tegn.", "error", settingsData(user))
		return
	}

	if newPassword != confirmPassword {
		h.flash(w, r, "settings", "Passordene er ikke like.", "error", settingsData(user))
		return
	}

	if err := h.deps.Users.UpdatePassword(user.ID, newPassword); err != nil {
		slog.Error("update password error", "error", err)
		h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
		return
	}

	// Invalidate other sessions, keep current one.
	if delErr := h.deps.Sessions.DeleteAllForUser(user.ID); delErr != nil {
		slog.Error("session cleanup error", "error", delErr)
	}
	token, err := h.deps.Sessions.Create(user.ID)
	if err != nil {
		slog.Error("session create error", "error", err)
		http.Redirect(w, r, h.deps.Config.BasePath+"/login", http.StatusSeeOther)
		return
	}
	h.setSessionCookie(w, r, token)

	h.flash(w, r, "settings", "Passordet er endret.", "success", settingsData(user))
}

// handleAvatarPost handles avatar upload.
func (h *Handler) handleAvatarPost(w http.ResponseWriter, r *http.Request) {
	user := middleware.UserFromContext(r.Context())

	if err := r.ParseMultipartForm(h.deps.Config.MaxUploadSize); err != nil {
		h.flash(w, r, "settings", "Filen er for stor.", "error", settingsData(user))
		return
	}

	file, header, err := r.FormFile("avatar")
	if err != nil {
		h.flash(w, r, "settings", "Velg et bilde å laste opp.", "error", settingsData(user))
		return
	}
	defer file.Close()

	result, err := image.Process(file, header, h.deps.Config.UploadDir)
	if err != nil {
		slog.Error("avatar process error", "error", err)
		h.flash(w, r, "settings", "Kunne ikke behandle bildet. Sjekk at filen er et gyldig bilde.", "error", settingsData(user))
		return
	}

	// Delete old avatar if there was one.
	if user.AvatarPath != "" {
		if delErr := image.Delete(h.deps.Config.UploadDir, user.AvatarPath); delErr != nil {
			slog.Error("avatar delete error", "error", delErr)
		}
	}

	if err := h.deps.Users.UpdateAvatar(user.ID, result.Filename); err != nil {
		slog.Error("update avatar error", "error", err)
		h.flash(w, r, "settings", "Noe gikk galt. Prøv igjen.", "error", settingsData(user))
		return
	}

	h.flash(w, r, "settings", "Profilbildet er oppdatert.", "success", settingsData(user))
}

func settingsData(user *model.User) map[string]any {
	return map[string]any{"SettingsUser": user}
}