<?php

namespace App\Http\Controllers\Api\Tenant;

use App\Http\Controllers\Controller;
use App\Http\Resources\Tenant\EventJoinTokenResource;
use App\Models\Event;
use App\Models\EventJoinToken;
use App\Services\EventJoinTokenService;
use Illuminate\Http\Request;
use Illuminate\Http\Resources\Json\AnonymousResourceCollection;
use Illuminate\Support\Facades\Auth;

class EventJoinTokenController extends Controller
{
    public function __construct(private readonly EventJoinTokenService $joinTokenService) {}

    public function index(Request $request, Event $event): AnonymousResourceCollection
    {
        $this->authorizeEvent($request, $event);

        $tokens = $event->joinTokens()
            ->orderByDesc('created_at')
            ->get();

        return EventJoinTokenResource::collection($tokens);
    }

    public function store(Request $request, Event $event): JsonResponse
    {
        $this->authorizeEvent($request, $event);

        $validated = $request->validate([
            'label' => ['nullable', 'string', 'max:255'],
            'expires_at' => ['nullable', 'date', 'after:now'],
            'usage_limit' => ['nullable', 'integer', 'min:1'],
            'metadata' => ['nullable', 'array'],
        ]);

        $token = $this->joinTokenService->createToken($event, array_merge($validated, [
            'created_by' => Auth::id(),
        ]));

        return (new EventJoinTokenResource($token))
            ->response()
            ->setStatusCode(201);
    }

    public function destroy(Request $request, Event $event, EventJoinToken $joinToken): EventJoinTokenResource
    {
        $this->authorizeEvent($request, $event);

        if ($joinToken->event_id !== $event->id) {
            abort(404);
        }

        $reason = $request->input('reason');
        $token = $this->joinTokenService->revoke($joinToken, $reason);

        return new EventJoinTokenResource($token);
    }

    private function authorizeEvent(Request $request, Event $event): void
    {
        $tenantId = $request->attributes->get('tenant_id');

        if ($event->tenant_id !== $tenantId) {
            abort(404, 'Event not found');
        }
    }
}