<?php

namespace App\Http\Controllers;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Auth;
class AuthController extends Controller
{
    protected $apiBaseUrl = 'http://192.168.100.6:8081/api';

    /**
     * Show the login form
     */
    public function showLoginForm()
    {
        return view('login');
    }

    /**
     * Handle login form submission by calling the API
     */
  public function login(Request $request)
{
    $credentials = $request->only('username', 'password');

    if (Auth::attempt($credentials)) {
        $request->session()->regenerate();
        $user = Auth::user();

        // Always redirect to my-profile route, let the route's controller handle the user
        return redirect()->route('my-profile');
    }
    return redirect()->back()->with('error', 'Invalid username or password');
}

public function showMyProfile()
    {
        // Fetch the authenticated user
        $user = Auth::user();

        // If no user is authenticated, redirect to login
        if (!$user) {
            return redirect()->route('login')->with('error', 'Please log in to view your profile.');
        }

        // Pass the user to the view
        return view('pages.my-profile', compact('user'));
    }


    /**
     * Show the change password form
     */
    public function showChangePasswordForm()
    {
        if (!session()->has('admin_uuid')) {
            return redirect()->route('login')->withErrors(['error' => 'Unauthorized access']);
        }

        return view('change-password');
    }

    /**
     * Handle change password form submission by calling the API
     */
    public function changePassword(Request $request)
    {
        $url = "{$this->apiBaseUrl}/cms/login_changePassword";
        $csrfToken = $request->session()->token();

        try {
            $response = Http::withHeaders([
                'X-CSRF-TOKEN' => $csrfToken,
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . session('token'),
            ])->post($url, [
                'admin_uuid' => $request->input('admin_uuid'),
                'password' => $request->input('password'),
            ]);

            $data = $response->json();

            Log::info('Change Password API Response: ', [$data]);

            if ($response->successful() && isset($data['code']) && $data['code'] === 200) {
                if (isset($data['data']['access_token'])) {
                    session(['token' => $data['data']['access_token']]);
                } elseif (isset($data['data']['token'])) {
                    session(['token' => $data['data']['token']]);
                }
                session()->forget('admin_uuid');
                return redirect()->route('my-profile')->with('success', $data['message'] ?? 'Password changed successfully');
            }

            return redirect()->back()->withErrors(['error' => $data['message'] ?? 'Failed to change password']);
        } catch (\Exception $e) {
            Log::error('Change Password Exception: ' . $e->getMessage());
            return redirect()->back()->withErrors(['error' => 'Password change request failed: ' . $e->getMessage()]);
        }
    }

    /**
     * Handle logout by calling the API
     */
    public function logout(Request $request)
    {
        $url = "{$this->apiBaseUrl}/logout_cms";
        $csrfToken = $request->session()->token();

        try {
            Http::withHeaders([
                'X-CSRF-TOKEN' => $csrfToken,
                'Accept' => 'application/json',
                'Authorization' => 'Bearer ' . session('token'),
            ])->post($url);

            session()->flush();
            return redirect()->route('login')->with('success', 'Logged out successfully');
        } catch (\Exception $e) {
            Log::error('Logout Exception: ' . $e->getMessage());
            session()->flush();
            return redirect()->route('login')->with('success', 'Logged out successfully');
        }
    }


}