<?php

namespace App\Module\OpenAPI\Controllers;

use App\Module\OpenAPI\Services\AuthService;
use App\Module\OpenAPI\Services\OpenApiService;
use App\Module\OpenAPI\Validators\AuthValidator;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;

/**
 * 认证控制器
 */
class AuthController
{
    /**
     * @var AuthService
     */
    protected AuthService $authService;

    /**
     * @var OpenApiService
     */
    protected OpenApiService $openApiService;

    /**
     * @var AuthValidator
     */
    protected AuthValidator $authValidator;

    public function __construct(
        AuthService $authService,
        OpenApiService $openApiService,
        AuthValidator $authValidator
    ) {
        $this->authService = $authService;
        $this->openApiService = $openApiService;
        $this->authValidator = $authValidator;
    }

    /**
     * 获取访问令牌
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function token(Request $request): JsonResponse
    {
        try {
            // 使用标准验证系统
            $validation = new \App\Module\OpenAPI\Validations\TokenRequestValidation($request->all());
            $validation->validate();

            if ($validation->isFail()) {
                return $this->errorResponse('参数验证失败', $validation->getErrors(), 400);
            }

            $data = $validation->getSafeData();
            $grantType = $data['grant_type'];

            // 根据授权类型处理
            switch ($grantType) {
                case 'client_credentials':
                    return $this->handleClientCredentials(
                        $validation->app,
                        $validation->scopes ?? []
                    );

                case 'authorization_code':
                    return $this->handleAuthorizationCode(
                        $validation->app,
                        $data['code'],
                        $validation->scopes ?? []
                    );

                case 'refresh_token':
                    return $this->handleRefreshToken($data['refresh_token']);

                default:
                    return $this->errorResponse('不支持的授权类型', [], 400);
            }

        } catch (\Exception $e) {
            return $this->errorResponse('获取令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * 处理客户端凭证授权
     *
     * @param \App\Module\OpenAPI\Models\OpenApiApp $app
     * @param array $scopes
     * @return JsonResponse
     */
    protected function handleClientCredentials(\App\Module\OpenAPI\Models\OpenApiApp $app, array $scopes): JsonResponse
    {
        // 生成访问令牌
        $tokenData = $this->authService->generateAccessToken($app, 0, $scopes);

        return $this->successResponse('令牌获取成功', $tokenData);
    }

    /**
     * 处理授权码授权
     *
     * @param \App\Module\OpenAPI\Models\OpenApiApp $app
     * @param string $code
     * @param array $scopes
     * @return JsonResponse
     */
    protected function handleAuthorizationCode(\App\Module\OpenAPI\Models\OpenApiApp $app, string $code, array $scopes): JsonResponse
    {
        // 验证授权码
        $codeData = $this->authService->validateAuthCode($code, $app->app_id);
        if (!$codeData) {
            return $this->errorResponse('授权码无效', [], 400);
        }

        // 生成访问令牌
        $tokenData = $this->authService->generateAccessToken(
            $app,
            $codeData['user_id'],
            $scopes
        );

        return $this->successResponse('令牌获取成功', $tokenData);
    }

    /**
     * 处理刷新令牌
     *
     * @param string $refreshToken
     * @return JsonResponse
     */
    protected function handleRefreshToken(string $refreshToken): JsonResponse
    {
        // 刷新访问令牌
        $tokenData = $this->authService->refreshAccessToken($refreshToken);
        if (!$tokenData) {
            return $this->errorResponse('刷新令牌无效', [], 400);
        }

        return $this->successResponse('令牌刷新成功', $tokenData);
    }

    /**
     * 刷新令牌
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function refresh(Request $request): JsonResponse
    {
        try {
            $refreshToken = $request->input('refresh_token');
            
            if (!$refreshToken) {
                return $this->errorResponse('缺少刷新令牌', [], 400);
            }

            $tokenData = $this->authService->refreshAccessToken($refreshToken);
            if (!$tokenData) {
                return $this->errorResponse('刷新令牌无效', [], 400);
            }

            return $this->successResponse('令牌刷新成功', $tokenData);

        } catch (\Exception $e) {
            return $this->errorResponse('刷新令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * 撤销令牌
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function revoke(Request $request): JsonResponse
    {
        try {
            $token = $request->input('token');

            if (!$token) {
                return $this->errorResponse('缺少令牌', [], 400);
            }

            // 这里可以实现令牌撤销逻辑
            // 暂时返回成功响应
            return $this->successResponse('令牌已撤销');

        } catch (\Exception $e) {
            return $this->errorResponse('撤销令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * 生成JWT令牌
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function jwt(Request $request): JsonResponse
    {
        try {
            $appId = $request->input('app_id');
            $appSecret = $request->input('app_secret');

            // 验证应用
            $app = $this->openApiService->validateApp($appId, $appSecret);
            if (!$app) {
                return $this->errorResponse('应用认证失败', [], 401);
            }

            // 生成JWT令牌
            $payload = [
                'user_id' => $request->input('user_id', 0),
                'scopes' => $app->scopes,
            ];

            $token = $this->authService->generateJwtToken($app, $payload);

            return $this->successResponse('JWT令牌生成成功', [
                'token' => $token,
                'token_type' => 'Bearer',
                'expires_in' => config('openapi.auth.jwt.expire', 3600),
            ]);

        } catch (\Exception $e) {
            return $this->errorResponse('生成JWT令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * 验证JWT令牌
     *
     * @param Request $request
     * @return JsonResponse
     */
    public function verifyJwt(Request $request): JsonResponse
    {
        try {
            $token = $request->input('token');
            
            if (!$token) {
                return $this->errorResponse('缺少令牌', [], 400);
            }

            $payload = $this->authService->validateJwtToken($token);
            if (!$payload) {
                return $this->errorResponse('令牌无效', [], 401);
            }

            return $this->successResponse('令牌验证成功', $payload);

        } catch (\Exception $e) {
            return $this->errorResponse('验证令牌失败', ['message' => $e->getMessage()], 500);
        }
    }

    /**
     * 返回成功响应
     *
     * @param string $message
     * @param array $data
     * @return JsonResponse
     */
    protected function successResponse(string $message, array $data = []): JsonResponse
    {
        return response()->json([
            'success' => true,
            'message' => $message,
            'data' => $data,
            'timestamp' => time(),
        ]);
    }

    /**
     * 返回错误响应
     *
     * @param string $message
     * @param array $errors
     * @param int $code
     * @return JsonResponse
     */
    protected function errorResponse(string $message, array $errors = [], int $code = 400): JsonResponse
    {
        return response()->json([
            'success' => false,
            'message' => $message,
            'errors' => $errors,
            'timestamp' => time(),
        ], $code);
    }
}