using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using PlaylistShared.Api.Entities;
using PlaylistShared.Api.Extensions;
using PlaylistShared.Api.Services;
using PlaylistShared.Shared;
using PlaylistShared.Shared.DTO;
using PlaylistShared.Shared.Enums;

namespace PlaylistShared.Api.Controllers;

[ApiController]
[Route("api/[controller]")]
[AllowAnonymous]
public class YandexSearchController : ControllerBase
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly YandexMusicService _yandexService;
    private readonly SharedPlaylistService _sharedPlaylistService;

    public YandexSearchController(UserManager<ApplicationUser> userManager, YandexMusicService yandexService, SharedPlaylistService sharedPlaylistService)
    {
        _userManager = userManager;
        _yandexService = yandexService;
        _sharedPlaylistService = sharedPlaylistService;
    }

    [HttpGet("tracks")]
    public async Task<ActionResult<ApiResponse<List<YandexTrack>>>> SearchQuery(
        [FromQuery] string query,
        [FromQuery] int limit = 20,
        [FromQuery] TrackSearchType? searchType = TrackSearchType.All,
        [FromQuery] bool byId = false,
        [FromQuery] string? shared_id = null)
    {
        if (string.IsNullOrWhiteSpace(query))
            return BadRequest(ApiResponse<List<YandexTrack>>.Fail(new ErrorResponse
            {
                StatusCode = 400,
                Message = "Поисковый запрос не может быть пустым."
            }));

        ApplicationUser? user = null;
        var userId = User.GetUserIdOrNull();
        if (userId.HasValue)
            user = await _userManager.FindByIdAsync(userId.Value.ToString());

        // Если нет пользователя или у него нет токена, пробуем через shared_id
        if (user == null || string.IsNullOrEmpty(_yandexService.DecryptToken(user.YandexAccessToken)))
        {
            if (string.IsNullOrEmpty(shared_id))
                return Unauthorized("Не установлен яндекс токен.");

            var playlist = await _sharedPlaylistService.GetEntityByTokenAsync(shared_id);
            if (playlist == null) return NotFound("Не найден плейлист.");

            if (!await _sharedPlaylistService.CanAddTrackAsync(playlist, userId))
                return StatusCode(403, "Нет доступа для добавления трека.");

            var owner = await _userManager.FindByIdAsync(playlist.CreatorUserId.ToString());
            if (owner == null) return StatusCode(500, "Не удалось найти владельца плейлиста.");
            user = owner;
        }

        var decryptedToken = _yandexService.DecryptToken(user.YandexAccessToken);
        if (string.IsNullOrEmpty(decryptedToken))
            return BadRequest(ApiResponse<List<YandexTrack>>.Fail(new ErrorResponse
            {
                StatusCode = 400,
                Message = "Токен Яндекс.Музыки не установлен или недействителен."
            }));

        List<YandexTrack>? results = null;

        if (byId)
        {
            results = await _yandexService.SearchTracksByIdAsync(user, query, searchType.Value, limit);
        }
        else
        {
            results = await _yandexService.SearchTracksAsync(user, query, searchType, limit);
        }

        return Ok(ApiResponse<List<YandexTrack>>.Ok(results));
    }
}