import * as plugins from '../../plugins.js';
import type { OpsServer } from '../classes.opsserver.js';
import * as interfaces from '../../../ts_interfaces/index.js';

export class ApiTokenHandler {
  public typedrouter = new plugins.typedrequest.TypedRouter();

  constructor(private opsServerRef: OpsServer) {
    this.opsServerRef.typedrouter.addTypedRouter(this.typedrouter);
    this.registerHandlers();
  }

  /**
   * Token management requires admin JWT only (tokens cannot manage tokens).
   */
  private async requireAdmin(identity?: interfaces.data.IIdentity): Promise<string> {
    if (!identity?.jwt) {
      throw new plugins.typedrequest.TypedResponseError('unauthorized');
    }
    const isAdmin = await this.opsServerRef.adminHandler.adminIdentityGuard.exec({ identity });
    if (!isAdmin) {
      throw new plugins.typedrequest.TypedResponseError('admin access required');
    }
    return identity.userId;
  }

  private registerHandlers(): void {
    // Create API token
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_CreateApiToken>(
        'createApiToken',
        async (dataArg) => {
          const userId = await this.requireAdmin(dataArg.identity);
          const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
          if (!manager) {
            return { success: false, message: 'Token management not initialized' };
          }
          const result = await manager.createToken(
            dataArg.name,
            dataArg.scopes,
            dataArg.expiresInDays ?? null,
            userId,
          );
          return { success: true, tokenId: result.id, tokenValue: result.rawToken };
        },
      ),
    );

    // List API tokens
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ListApiTokens>(
        'listApiTokens',
        async (dataArg) => {
          await this.requireAdmin(dataArg.identity);
          const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
          if (!manager) {
            return { tokens: [] };
          }
          return { tokens: manager.listTokens() };
        },
      ),
    );

    // Revoke API token
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_RevokeApiToken>(
        'revokeApiToken',
        async (dataArg) => {
          await this.requireAdmin(dataArg.identity);
          const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
          if (!manager) {
            return { success: false, message: 'Token management not initialized' };
          }
          const ok = await manager.revokeToken(dataArg.id);
          return { success: ok, message: ok ? undefined : 'Token not found' };
        },
      ),
    );

    // Toggle API token
    this.typedrouter.addTypedHandler(
      new plugins.typedrequest.TypedHandler<interfaces.requests.IReq_ToggleApiToken>(
        'toggleApiToken',
        async (dataArg) => {
          await this.requireAdmin(dataArg.identity);
          const manager = this.opsServerRef.dcRouterRef.apiTokenManager;
          if (!manager) {
            return { success: false, message: 'Token management not initialized' };
          }
          const ok = await manager.toggleToken(dataArg.id, dataArg.enabled);
          return { success: ok, message: ok ? undefined : 'Token not found' };
        },
      ),
    );
  }
}