<?php

declare(strict_types=1);

namespace App\Http\Controllers\Api\V1;

use App\Enums\EmailTemplateType;
use App\Enums\PersonStatus;
use App\Http\Controllers\Controller;
use App\Http\Controllers\Api\V1\Traits\VerifiesOrganisationEvent;
use App\Http\Requests\Api\V1\StorePersonFromMemberRequest;
use App\Http\Requests\Api\V1\StorePersonRequest;
use App\Http\Requests\Api\V1\UpdatePersonRequest;
use App\Http\Resources\Api\V1\PersonCollection;
use App\Http\Resources\Api\V1\PersonResource;
use App\Models\Event;
use App\Models\Organisation;
use App\Models\Person;
use App\Models\User;
use App\Services\EmailService;
use App\Services\PersonIdentityService;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Password;
use Illuminate\Support\Str;
use Illuminate\Validation\ValidationException;

final class PersonController extends Controller
{
    use VerifiesOrganisationEvent;

    public function __construct(
        private readonly PersonIdentityService $identityService,
        private readonly EmailService $emailService,
    ) {}

    public function index(Request $request, Organisation $organisation, Event $event): PersonCollection
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('viewAny', [Person::class, $event]);

        $query = $event->persons()->with(['crowdType', 'pendingIdentityMatch.matchedUser', 'user']);

        if ($request->filled('crowd_type_id')) {
            $query->where('crowd_type_id', $request->input('crowd_type_id'));
        }

        if ($request->filled('status')) {
            $query->where('status', $request->input('status'));
        }

        if ($request->filled('tag')) {
            $organisation = $event->organisation;
            $query->whereHas('user', function ($q) use ($request, $organisation) {
                $q->whereHas('organisationTags', function ($q2) use ($request, $organisation) {
                    $q2->where('organisation_id', $organisation->id)
                        ->where('person_tag_id', $request->input('tag'));
                });
            });
        }

        if ($request->filled('tags')) {
            $organisation = $event->organisation;
            $tagIds = explode(',', $request->input('tags'));
            foreach ($tagIds as $tagId) {
                $query->whereHas('user', function ($q) use ($tagId, $organisation) {
                    $q->whereHas('organisationTags', function ($q2) use ($tagId, $organisation) {
                        $q2->where('organisation_id', $organisation->id)
                            ->where('person_tag_id', $tagId);
                    });
                });
            }
        }

        return new PersonCollection($query->get());
    }

    public function show(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('view', [$person, $event]);

        $person->load(['crowdType', 'company', 'user', 'pendingIdentityMatch.matchedUser']);

        return $this->success(new PersonResource($person));
    }

    public function store(StorePersonRequest $request, Organisation $organisation, Event $event): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('create', [Person::class, $event]);

        $person = $event->persons()->create($request->validated());

        // Identity match detection is handled automatically by PersonObserver

        return $this->created(new PersonResource($person->fresh()->load('crowdType')));
    }

    public function update(UpdatePersonRequest $request, Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('update', [$person, $event]);

        $person->update($request->validated());
        $person->load(['crowdType', 'company']);

        return $this->success(new PersonResource($person->fresh()->load(['crowdType', 'company'])));
    }

    public function destroy(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('delete', [$person, $event]);

        $person->delete();

        return response()->json(null, 204);
    }

    public function createFromMember(StorePersonFromMemberRequest $request, Organisation $organisation, Event $event): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('create', [Person::class, $event]);

        $user = User::findOrFail($request->validated('user_id'));

        if (Person::withoutGlobalScopes()->where('event_id', $event->id)->where('user_id', $user->id)->exists()) {
            throw ValidationException::withMessages([
                'user_id' => ['Dit lid is al toegevoegd aan dit evenement.'],
            ]);
        }

        if (!$user->organisations()->where('organisations.id', $event->organisation_id)->exists()) {
            throw ValidationException::withMessages([
                'user_id' => ['Dit lid behoort niet tot deze organisatie.'],
            ]);
        }

        $person = Person::create([
            'event_id' => $event->id,
            'crowd_type_id' => $request->validated('crowd_type_id'),
            'first_name' => $user->first_name,
            'last_name' => $user->last_name,
            'email' => $user->email,
            'status' => PersonStatus::APPROVED->value,
        ]);

        $person->user_id = $user->id;
        $person->save();

        activity()
            ->causedBy(auth()->user())
            ->performedOn($person)
            ->withProperties(['source' => 'from_member', 'user_name' => $user->full_name])
            ->log('person.created_from_member');

        return $this->created(new PersonResource($person->load('crowdType')));
    }

    public function approve(Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('approve', [$person, $event]);

        $person->update(['status' => 'approved']);

        // Link person to user account (create if needed) using person.email as source of truth
        $userCreated = false;
        if ($person->email && ! $person->user_id) {
            $user = User::where('email', strtolower($person->email))->first();

            if (! $user) {
                $user = User::create([
                    'first_name' => $person->first_name,
                    'last_name' => $person->last_name,
                    'email' => strtolower($person->email),
                    'password' => Hash::make(Str::random(40)),
                ]);
                $userCreated = true;
            }

            $person->user_id = $user->id;
            $person->save();
        }

        if ($person->email) {
            $portalUrl = config('app.frontend_portal_url');

            if ($userCreated) {
                // New account — send "set password" email with token
                $user = User::find($person->user_id);
                $token = Password::broker()->createToken($user);
                $actionUrl = $portalUrl . '/wachtwoord-instellen?token=' . $token . '&email=' . urlencode($user->email);
            } else {
                // Existing account — send portal link
                $actionUrl = $portalUrl . '/evenementen';
            }

            $this->emailService->send(
                type: EmailTemplateType::REGISTRATION_APPROVED,
                recipientEmail: $person->email,
                recipientName: trim($person->first_name . ' ' . $person->last_name),
                variables: [
                    'event_name' => $event->name,
                    'organisation_name' => $organisation->name,
                ],
                actionUrl: $actionUrl,
                organisation: $organisation,
                eventId: $event->id,
                personId: $person->id,
                triggeredByUserId: auth()->id(),
            );
        }

        activity('registration')
            ->causedBy(auth()->user())
            ->performedOn($person)
            ->withProperties([
                'user_created' => $userCreated,
                'user_email' => $person->email,
            ])
            ->log('person.approved');

        return $this->success(new PersonResource($person->fresh()->load('crowdType')));
    }

    public function reject(Request $request, Organisation $organisation, Event $event, Person $person): JsonResponse
    {
        $this->verifyEventBelongsToOrganisation($organisation, $event);
        Gate::authorize('approve', [$person, $event]);

        $person->update(['status' => 'rejected']);

        if ($person->email) {
            $this->emailService->send(
                type: EmailTemplateType::REGISTRATION_REJECTED,
                recipientEmail: $person->email,
                recipientName: trim($person->first_name . ' ' . $person->last_name),
                variables: [
                    'event_name' => $event->name,
                    'organisation_name' => $organisation->name,
                ],
                organisation: $organisation,
                eventId: $event->id,
                personId: $person->id,
                triggeredByUserId: auth()->id(),
            );
        }

        return $this->success(new PersonResource($person->fresh()->load('crowdType')));
    }
}