import { Body, Controller, Post, HttpCode, HttpStatus, UseGuards, Get } from '@nestjs/common';
import { AuthService } from './auth.service';
import { TwoFactorService } from './two-factor.service';
import {
  RegisterDto,
  LoginDto,
  RefreshDto,
  ForgotPasswordDto,
  ResetPasswordDto,
  Enable2faDto,
  Verify2faEnableDto,
  Disable2faDto,
  Login2faDto,
} from './dto';
import { JwtAuthGuard } from '../../common/guards/jwt.guard';
import { CurrentUser } from '../../common/decorators/current-user.decorator';

@Controller('auth')
export class AuthController {
  constructor(
    private readonly authService: AuthService,
    private readonly twoFactorService: TwoFactorService,
  ) {}

  @Post('register')
  @HttpCode(HttpStatus.CREATED)
  async register(@Body() dto: RegisterDto) {
    return this.authService.register(dto);
  }

  @Post('login')
  @HttpCode(HttpStatus.OK)
  async login(@Body() dto: LoginDto) {
    return this.authService.login(dto);
  }

  @Post('refresh')
  @HttpCode(HttpStatus.OK)
  async refresh(@Body() dto: RefreshDto) {
    return this.authService.refresh(dto);
  }

  @Post('logout')
  @HttpCode(HttpStatus.OK)
  @UseGuards(JwtAuthGuard)
  async logout(@CurrentUser('userId') userId: string) {
    return this.authService.logout(userId);
  }

  @Post('forgot-password')
  @HttpCode(HttpStatus.OK)
  async forgotPassword(@Body() dto: ForgotPasswordDto) {
    // TODO: Implement email sending
    return { message: 'If the email exists, a reset link has been sent' };
  }

  @Post('reset-password')
  @HttpCode(HttpStatus.OK)
  async resetPassword(@Body() dto: ResetPasswordDto) {
    // TODO: Implement password reset
    return { message: 'Password updated successfully' };
  }

  @Get('sessions')
  @UseGuards(JwtAuthGuard)
  async getSessions(@CurrentUser('userId') userId: string) {
    // TODO: Return active sessions
    return { sessions: [] };
  }

  // ============ 2FA Endpoints ============

  @Post('2fa/enable')
  @HttpCode(HttpStatus.OK)
  @UseGuards(JwtAuthGuard)
  async enable2fa(@CurrentUser('userId') userId: string) {
    return this.twoFactorService.generateSecret(userId);
  }

  @Post('2fa/verify')
  @HttpCode(HttpStatus.OK)
  @UseGuards(JwtAuthGuard)
  async verify2fa(
    @CurrentUser('userId') userId: string,
    @Body() dto: Verify2faEnableDto,
  ) {
    return this.twoFactorService.verifyAndEnable(userId, dto.code);
  }

  @Post('2fa/disable')
  @HttpCode(HttpStatus.OK)
  @UseGuards(JwtAuthGuard)
  async disable2fa(
    @CurrentUser('userId') userId: string,
    @Body() dto: Disable2faDto,
  ) {
    return this.twoFactorService.disable(userId, dto.password);
  }

  @Post('2fa/backup-codes')
  @HttpCode(HttpStatus.OK)
  @UseGuards(JwtAuthGuard)
  async regenerateBackupCodes(@CurrentUser('userId') userId: string) {
    return this.twoFactorService.regenerateBackupCodes(userId);
  }

  @Get('2fa/status')
  @UseGuards(JwtAuthGuard)
  async get2faStatus(@CurrentUser('userId') userId: string) {
    return this.twoFactorService.getStatus(userId);
  }

  @Post('2fa/login')
  @HttpCode(HttpStatus.OK)
  async loginWith2fa(@Body() dto: Login2faDto) {
    return this.authService.loginWith2fa(dto);
  }
}