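import { Body, Controller, Get, Post, Req, UnauthorizedException, UseGuards } from '@nestjs/common';
import { LoginDto } from './dto/login.dto';
import { AuthService } from './auth.service';
import { Public } from 'src/common/decorators/public.decorator';
import { RegisterDto } from './dto/register.dto';
import { RegisterParentDto } from './dto/register-parent.dto';
import { ApiBearerAuth, ApiOperation, ApiResponse, ApiTags } from '@nestjs/swagger';
import { AuthGuard } from 'src/common/guards/auth.guard';
import type { Request } from 'express';
import { UserService } from '../user/user.service';
import { ProfileResponseDto } from './dto/profile_response.dto';
import { RefreshTokenDto } from './dto/refresh_token.dto';
import { User } from 'src/common/decorators/user.decorator';
import { Users } from 'src/entities/users.entity';

/**
 * HTTP entry points for authentication: login, registration, token refresh,
 * current-user profile and logout.
 *
 * Trust boundary: every handler takes attacker-controlled input. Routes marked
 * `@Public()` skip the auth guard, so all credential checks and validation for
 * them must live in `AuthService` — the handlers here only delegate. Routes
 * under `@UseGuards(AuthGuard)` rely on the guard having populated `req.user`
 * from a verified access token; they still re-check it defensively rather than
 * trusting a possibly misconfigured guard order.
 */
@ApiTags('Authentification')
@Controller('auth')
export class AuthController {
  constructor(
    private readonly authService: AuthService,
    private readonly userService: UserService,
  ) {}

  /**
   * Authenticate with credentials and return tokens (shape defined by
   * `AuthService.login`).
   *
   * NOTE(review): no rate limiting or lockout is visible at this layer. This
   * route is public and a direct brute-force target; confirm a throttler guard
   * (or equivalent) is applied globally or add one here.
   */
  @Public()
  @ApiOperation({ summary: 'Connexion' })
  @Post('login')
  async login(@Body() dto: LoginDto) {
    return this.authService.login(dto);
  }

  /**
   * Legacy registration, superseded by `/register/parent` but still publicly
   * reachable. `deprecated: true` makes that visible in Swagger.
   *
   * SECURITY: a deprecated-but-live public route is easy to forget when
   * hardening. Either remove it or ensure `AuthService.register` enforces the
   * same validation and role assignment as `registerParent`.
   */
  @Public()
  @Post('register')
  @ApiOperation({ summary: 'Inscription (OBSOLÈTE - utiliser /register/parent)', deprecated: true })
  @ApiResponse({ status: 409, description: 'Email déjà utilisé' })
  async register(@Body() dto: RegisterDto) {
    return this.authService.register(dto);
  }

  /**
   * Parent registration (step 1 of the onboarding flow).
   * Duplicate-email handling (409) is expected from `AuthService.registerParent`.
   */
  @Public()
  @Post('register/parent')
  @ApiOperation({ summary: 'Inscription Parent (étape 1/6)' })
  @ApiResponse({ status: 201, description: 'Inscription réussie' })
  @ApiResponse({ status: 409, description: 'Email déjà utilisé' })
  async registerParent(@Body() dto: RegisterParentDto) {
    return this.authService.registerParent(dto);
  }

  /**
   * Exchange a refresh token (sent in the body) for a new token pair.
   *
   * This route is public, so the refresh token is the only credential:
   * `AuthService.refreshTokens` must verify signature, expiry and revocation
   * state, and should rotate the token so a leaked one cannot be replayed.
   * NOTE(review): none of that is visible here — verify in the service.
   */
  @Public()
  @Post('refresh')
  @ApiBearerAuth('refresh_token')
  @ApiResponse({ status: 200, description: 'Nouveaux tokens générés avec succès.' })
  @ApiResponse({ status: 401, description: 'Token de rafraîchissement invalide ou expiré.' })
  @ApiOperation({ summary: 'Rafraichir les tokens' })
  async refresh(@Body() dto: RefreshTokenDto) {
    return this.authService.refreshTokens(dto.refresh_token);
  }

  /**
   * Return the authenticated user's profile.
   *
   * Only an explicit allow-list of fields is returned, so sensitive columns on
   * the entity (e.g. a password hash) never reach the client even if the
   * entity grows new fields.
   *
   * @throws UnauthorizedException when no verified principal is attached to
   *   the request, or when the principal's account no longer exists (a still
   *   valid token for a deleted user must not surface as a 500).
   */
  @Get('me')
  @UseGuards(AuthGuard)
  @ApiBearerAuth('access-token')
  @ApiOperation({ summary: "Récupérer le profil complet de l'utilisateur connecté" })
  @ApiResponse({ status: 200, type: ProfileResponseDto })
  async getProfile(@Req() req: Request): Promise<ProfileResponseDto> {
    // Defensive: AuthGuard should guarantee this, but never trust guard order.
    if (!req.user || !req.user.sub) {
      throw new UnauthorizedException('Utilisateur non authentifié');
    }

    const user = await this.userService.findOne(req.user.sub);
    // The token may outlive the account; treat a missing user as unauthenticated
    // rather than dereferencing undefined below.
    if (!user) {
      throw new UnauthorizedException('Utilisateur non authentifié');
    }

    return {
      id: user.id,
      email: user.email,
      role: user.role,
      prenom: user.prenom ?? '',
      nom: user.nom ?? '',
      statut: user.statut,
    };
  }

  /**
   * Invalidate the current user's session (delegated to `AuthService.logout`).
   *
   * NOTE(review): `getProfile` identifies the principal via `req.user.sub`
   * while this handler uses `currentUser.id` from `@User()`. If the decorator
   * returns the raw JWT payload rather than a `Users` entity, `id` would be
   * undefined and the logout would silently target nobody — confirm the
   * decorator's return shape. The guard below turns that case into a 401
   * instead of a no-op.
   */
  @UseGuards(AuthGuard)
  @ApiBearerAuth('access-token')
  @Post('logout')
  logout(@User() currentUser: Users) {
    if (!currentUser || !currentUser.id) {
      throw new UnauthorizedException('Utilisateur non authentifié');
    }
    return this.authService.logout(currentUser.id);
  }
}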