import {
  Body,
  Controller,
  Get,
  Post,
  UnauthorizedException,
  UseGuards,
} from '@nestjs/common';
import {
  ApiBearerAuth,
  ApiBody,
  ApiOperation,
  ApiUnauthorizedResponse,
  ApiTags,
} from '@nestjs/swagger';
import {
  ApiEnvelopeOkResponse,
} from '../../common/swagger/api-success-responses.decorator';
import {
  BooleanSuccessDto,
  LoginResponseDto,
  ProfileResponseDto,
} from '../../common/swagger/response-models.dto';
import { CurrentUser } from '../../common/decorators/current-user.decorator';
import { Public } from '../../common/decorators/public.decorator';
import { JwtAuthGuard } from '../../common/guards/jwt-auth.guard';
import type { JwtAuthUser } from '../../common/interfaces/jwt-auth-user.interface';
import { AuthService } from './auth.service';
import { LoginDto } from './dto/login.dto';
import { LogoutDto } from './dto/logout.dto';
import { RefreshTokenDto } from './dto/refresh-token.dto';

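/**
 * HTTP entry points for authentication under the `auth` route prefix.
 *
 * Every handler delegates to {@link AuthService}; no credential or token
 * checking happens in this class. Routes carrying `@Public()` are presumably
 * exempted from an application-wide auth guard. That guard's registration is
 * not visible in this file, so confirm it before relying on the default for
 * unmarked routes.
 *
 * NOTE(review): no throttling or rate-limit decorator is applied to the
 * unauthenticated `login` and `refresh` routes here. Confirm that attempt
 * limiting is enforced elsewhere (global guard, gateway, or the service).
 */
@ApiTags('Auth')
@Controller('auth')
export class AuthController {
  constructor(private readonly authService: AuthService) {}

  /**
   * Authenticates a user from the posted credentials.
   *
   * @param body Request body bound to `LoginDto`; passed to the service whole.
   * @returns Whatever `AuthService.login` returns (documented for Swagger as
   *   `LoginResponseDto`).
   */
  @Public()
  @Post('login')
  @ApiOperation({ summary: 'Authenticate a user with email and password' })
  @ApiBody({ type: LoginDto })
  @ApiEnvelopeOkResponse(LoginResponseDto, 'Authenticated user tokens and profile')
  @ApiUnauthorizedResponse({ description: 'Invalid email or password' })
  login(@Body() body: LoginDto) {
    return this.authService.login(body);
  }

  /**
   * Exchanges a refresh token for a new token pair.
   *
   * @param body Request body bound to `RefreshTokenDto`; only `refreshToken`
   *   is forwarded.
   * @returns Whatever `AuthService.refresh` returns (documented for Swagger as
   *   `LoginResponseDto`).
   */
  @Public()
  @Post('refresh')
  @ApiOperation({ summary: 'Rotate access and refresh tokens' })
  @ApiBody({ type: RefreshTokenDto })
  @ApiEnvelopeOkResponse(LoginResponseDto, 'Rotated access and refresh tokens')
  @ApiUnauthorizedResponse({ description: 'Invalid refresh token' })
  refresh(@Body() body: RefreshTokenDto) {
    return this.authService.refresh(body.refreshToken);
  }

  /**
   * Revokes the refresh token supplied in the request body.
   *
   * The route is marked `@Public()`, so the refresh token in the body is the
   * only credential this handler passes on; no bearer token is required here.
   *
   * @param body Request body bound to `LogoutDto`; only `refreshToken` is
   *   forwarded.
   * @returns Whatever `AuthService.logout` returns (documented for Swagger as
   *   `BooleanSuccessDto`).
   */
  @Public()
  @Post('logout')
  @ApiOperation({ summary: 'Revoke the provided refresh token' })
  @ApiBody({ type: LogoutDto })
  @ApiEnvelopeOkResponse(BooleanSuccessDto, 'Refresh token revoked successfully')
  @ApiUnauthorizedResponse({ description: 'Invalid refresh token' })
  logout(@Body() body: LogoutDto) {
    return this.authService.logout(body.refreshToken);
  }

  /**
   * Returns a fixed payload identifying this route.
   *
   * NOTE(review): unlike the other unauthenticated routes, this one carries
   * neither `@Public()` nor `@UseGuards(...)`. Whether it is reachable without
   * a token depends on a global guard that is not visible in this file.
   * Decide which is intended and mark the route explicitly.
   */
  @Get('ping')
  @ApiOperation({ summary: 'Return a static ping payload' })
  ping() {
    return { ok: true, route: 'auth-ping' };
  }

  /**
   * Returns the profile of the caller identified by the bearer token.
   *
   * @param user Principal supplied by `@CurrentUser()`; presumably populated
   *   by `JwtAuthGuard` from the validated token (confirm against the guard).
   * @returns Whatever `AuthService.getProfile` returns (documented for Swagger
   *   as `ProfileResponseDto`).
   * @throws UnauthorizedException when no principal or no `sub` is present.
   */
  @ApiBearerAuth()
  @UseGuards(JwtAuthGuard)
  @Get('profile')
  @ApiOperation({ summary: 'Get the authenticated user profile' })
  @ApiEnvelopeOkResponse(ProfileResponseDto, 'Authenticated user profile')
  @ApiUnauthorizedResponse({ description: 'Missing, expired, or invalid bearer token' })
  getProfile(@CurrentUser() user?: JwtAuthUser) {
    const userId = user?.sub;
    // Fail closed: a missing principal must not become a profile lookup with
    // a blank id, whose handling in the service is not visible from here.
    if (!userId) {
      throw new UnauthorizedException('Missing, expired, or invalid bearer token');
    }
    return this.authService.getProfile(userId);
  }
}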
