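package com.xuqm.im.controller;

import com.xuqm.common.model.ApiResponse;
import com.xuqm.common.security.AppRequestSignatureUtil;
import com.xuqm.im.service.ImAccountService;
import jakarta.validation.constraints.NotBlank;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import java.util.Map;

/**
 * REST entry point for IM authentication, mounted under {@code /api/im/auth}.
 *
 * <p>The controller only gates the request on the presence of the app-signature headers and
 * delegates signature verification and account handling to {@link ImAccountService}.
 */
@RestController
@RequestMapping("/api/im/auth")
public class AuthController {

    private final ImAccountService accountService;

    /**
     * Creates the controller.
     *
     * @param accountService service used to verify the request signature and to log in or
     *     register the account
     */
    public AuthController(ImAccountService accountService) {
        this.accountService = accountService;
    }

    /**
     * Handles {@code POST /api/im/auth/login}: checks the signed-request headers, verifies the
     * signature, then logs the user in (or registers them) and returns a token.
     *
     * <p>The three signature headers are declared {@code required = false} so that an absent
     * header reaches this method as {@code null} and is answered with the 401 body below rather
     * than with the framework's own missing-header error.
     *
     * @param appId application identifier (declared {@code @NotBlank})
     * @param userId user identifier within the application (declared {@code @NotBlank})
     * @param nickname optional display name, passed through to the service
     * @param avatar optional avatar value, passed through to the service
     * @param timestamp value of the {@code X-App-Timestamp} header
     * @param nonce value of the {@code X-App-Nonce} header
     * @param signature value of the {@code X-App-Signature} header
     * @return 401 with an {@code ApiResponse} error when any signature header is absent or
     *     blank; otherwise 200 with a map holding the issued token under {@code "token"}
     */
    // NOTE(review): the generic arguments of the return type were lost in the listing and are
    // reconstructed from the returned Map.of("token", token) - confirm against the original.
    // NOTE(review): @NotBlank on request parameters is only enforced when method validation is
    // active for this controller - confirm that it is.
    @PostMapping("/login")
    public ResponseEntity<ApiResponse<Map<String, String>>> login(
            @RequestParam @NotBlank String appId,
            @RequestParam @NotBlank String userId,
            @RequestParam(required = false) String nickname,
            @RequestParam(required = false) String avatar,
            @RequestHeader(value = "X-App-Timestamp", required = false) String timestamp,
            @RequestHeader(value = "X-App-Nonce", required = false) String nonce,
            @RequestHeader(value = "X-App-Signature", required = false) String signature) {
        // An empty or whitespace-only header carries no signature material, so it is rejected
        // the same way as an absent one instead of being handed to the verifier.
        if (isMissing(timestamp) || isMissing(nonce) || isMissing(signature)) {
            return ResponseEntity.status(401).body(ApiResponse.error(401, "Missing app signature"));
        }

        // NOTE(review): nothing returned by validateSignature is inspected here, so this relies
        // on the service throwing when the signature does not match - confirm; if it returns a
        // boolean instead, the login below would proceed regardless of the result.
        // NOTE(review): timestamp freshness and nonce-reuse checks are not visible in this class;
        // presumably the service performs them - confirm, since they are what limits replay of a
        // captured signed request.
        accountService.validateSignature(appId, userId, nickname, avatar, timestamp, nonce, signature);

        String token = accountService.loginOrRegister(appId, userId, nickname, avatar);
        return ResponseEntity.ok(ApiResponse.success(Map.of("token", token)));
    }

    /** Returns {@code true} when a header value is absent or contains only whitespace. */
    private static boolean isMissing(String headerValue) {
        return headerValue == null || headerValue.isBlank();
    }
}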