<?php

namespace Modules\Primaya\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Crypt;
use Error;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Modules\Internal\Emails\SendVerifyEmail;
use Modules\Internal\Events\ForgetPassword;
use Illuminate\Support\Facades\Validator;
use Modules\Primaya\Helpers\ApiResponse;
use Illuminate\Support\Facades\DB;
use App\Helpers\Helper;
use App\Models\Corporate;
use Illuminate\Support\Facades\View;
use Tymon\JWTAuth\Facades\JWTAuth;
use Tymon\JWTAuth\Exceptions\JWTException;

class AuthController extends Controller
{
    public function loginJwt(Request $request)
    {
        $data = [
            'email' => $request->email,
            'password' => $request->password
        ];

        $validator = Validator::make($request->all(), [
            'email' => 'required|email',
            'password' => 'required'
        ]);

        if ($validator->fails()) {
            return ApiResponse::apiResponse(
                'Bad Request',
                $data,
                $validator->errors(),
                400
            );
        }

        // 🔥 1️⃣ Ambil header
        $apiKey = $request->header('X-API-KEY');
        $apiSecret = $request->header('X-API-SECRET');

        if (empty($apiKey) || empty($apiSecret)) {
            return ApiResponse::apiResponse(
                'Unauthorized',
                null,
                'API Key dan Secret wajib diisi',
                401
            );
        }

        // 🔥 2️⃣ Validasi corporate
        $corporate = Corporate::where('api_key', $apiKey)
            ->where('api_secret', $apiSecret)
            ->first();

        if (!$corporate) {
            return ApiResponse::apiResponse(
                'Unauthorized',
                null,
                'Invalid API Key',
                401
            );
        }

        // 🔥 3️⃣ Cari user sesuai corporate
        $user = User::where('email', $request->email)
            ->where('corporate_id', $corporate->id)
            ->first();

        if (!$user || !Hash::check($request->password, $user->password)) {
            return ApiResponse::apiResponse(
                'Unauthorized',
                $data,
                'Email atau password salah',
                401
            );
        }

        try {
            // 🔥 4️⃣ Generate JWT dengan claim corporate_id
            $token = auth('corporate-api')->claims([
                'corporate_id' => $corporate->id
            ])->login($user);

        } catch (JWTException $e) {
            return ApiResponse::apiResponse(
                'Error',
                null,
                'Gagal membuat token',
                500
            );
        }

        $res_data = [
            'user' => $user,
            'corporate_id' => $corporate->id,
            'token' => $token,
            'type' => 'Bearer',
            'expires_in' => auth('corporate-api')->factory()->getTTL() * 60
        ];

        return ApiResponse::apiResponse(
            "Success",
            $res_data,
            'Login berhasil',
            200
        );
    }
}