// ENVIRONMENT 
require('dotenv').config();

// DATABASE
const { PrismaClient : CMSClient }  = require("../../prisma/clients/cms");

const prisma                        = new CMSClient();

// CONSTANTS
const { badRequestResponse }= require("../res/responses.js");
const { successResponse }   = require("../res/responses.js");

const { localTime }         = require("../services/time.services.js");


// CONTROLLER
exports.test = async (req, res) => {
  try {
    return successResponse(res, "API Connected!", null);
  } catch (err) {
    return badRequestResponse(res, "Error connecting to API", err);
  }
}

exports.testSecure = async (req, res) => {
  try {
    const apiKey = req.headers['x-api-key'];

    if (!apiKey) {
      return badRequestResponse(res, "API key is required", "Missing api-key header");
    }

    const validCredential = await prisma.appCredential.findUniqueOrThrow({
      where: {
        TokenCredential_AC: apiKey
      }
    });

    return successResponse(res, "Secure API Connected!", {
      message: "Authentication successful",
      credentialId: validCredential.UUID_AC
    });

  } catch (err) {
    return badRequestResponse(res, "Invalid API key", "Unauthorized access");
  }
}

exports.testToken = async (req, res) => {
  try {
    const user = req.locals.user;

    return successResponse(res, "Token API Connected!", {
      userID: user
    });
    
  } catch (err) {
    return badRequestResponse(res, "Error validating token", err);
  }
}

exports.createToken = async (req, res) => {
  try {
    const apiKey = req.headers['target-x-api-key'];

    const token = apiKey || require('crypto').randomBytes(32).toString('hex');

    const newCredential = await prisma.appCredential.create({
      data: {
        TokenCredential_AC: token,
        CreatedAt_AC: localTime(new Date())
      }
    });

    return successResponse(res, "API key created successfully!", {
      apiKey: newCredential.TokenCredential_AC,
      credentialId: newCredential.UUID_AC,
      createdAt: newCredential.CreatedAt_AC
    });

  } catch (err) {
    return badRequestResponse(res, "API key already exists", "Duplicate token");
  }
}

exports.deleteToken = async (req, res) => {
  try {
    const apiKey = req.headers['target-x-api-key'];

    if (!apiKey) {
      return badRequestResponse(res, "API key is required", "Missing x-api-key header");
    }

    const deletedCredential = await prisma.appCredential.delete({
      where: {
        TokenCredential_AC: apiKey
      }
    });

    return successResponse(res, "API key deleted successfully!", {
      apiKey: deletedCredential.TokenCredential_AC,
      credentialId: deletedCredential.UUID_AC,
      deletedAt: new Date().toISOString()
    });

  } catch (err) {
    if (err.code === 'P2025') {
      return badRequestResponse(res, "API key not found", "No matching token to delete");
    }
    return badRequestResponse(res, "Error deleting API key", err);
  }
}

exports.getAllTokens = async (req, res) => {
  try {
    const tokens = await prisma.appCredential.findMany({
      orderBy: {
        CreatedAt_AC: 'desc'
      }
    });

    return successResponse(res, "API tokens retrieved successfully!", {
      total: tokens.length,
      tokens: tokens
    });

  } catch (err) {
    return badRequestResponse(res, "Error retrieving API tokens", err);
  }
}