package api

import (
	"github.com/veypi/vbase/internal/api/auth"
	"github.com/veypi/vbase/internal/api/middleware"
	"github.com/veypi/vbase/internal/api/oauth"
	"github.com/veypi/vbase/internal/api/org"
	"github.com/veypi/vbase/internal/api/user"
	"github.com/veypi/vigo"
	"github.com/veypi/vigo/contrib/common"
)

// NewRouter creates the API router.
//
// It registers the global middleware on the root router and mounts one
// sub-router per area: /auth, /me, /users, /orgs, /oauth and /oauth/clients.
// The /auth and /oauth sub-routers register vigo.SkipBefore; the others
// register no middleware of their own in this function.
//
// NOTE(review): this file is the only place that shows which endpoints sit
// behind middleware.AuthRequired. The notes below assume vigo.SkipBefore
// discards the before-middleware inherited from the parent router; confirm
// against the vigo version in use.
func NewRouter() vigo.Router {
	r := vigo.NewRouter()

	// Global middleware: authentication and organisation context run before
	// the handlers; the JSON response and JSON error writers run after them.
	r.Use(middleware.AuthRequired())
	r.Use(middleware.OrgContext())
	r.After(common.JsonResponse, common.JsonErrorResponse)

	// === Public routes ===
	authRouter := vigo.NewRouter()
	// NOTE(review): presumably removes AuthRequired and OrgContext for every
	// route under /auth. If so, /logout, /bind and /bind-register receive no
	// authenticated identity from middleware, and each handler has to validate
	// the token or state it is given itself; confirm in the auth package.
	authRouter.Use(vigo.SkipBefore)
	authRouter.Post("/login", "用户登录", auth.Login)
	authRouter.Post("/register", "用户注册", auth.Register)
	authRouter.Post("/refresh", "刷新Token", auth.Refresh)
	authRouter.Post("/logout", "用户登出", auth.Logout)

	// Third-party login
	// NOTE(review): the callback is reachable without authentication; confirm
	// auth.CallbackThirdParty checks the provider name and the OAuth state
	// value before it accepts the response.
	authRouter.Get("/providers", "支持的登录提供商", auth.ListProviders)
	authRouter.Get("/authorize/thirdparty", "第三方登录授权", auth.AuthorizeThirdParty)
	authRouter.Get("/callback/{provider}", "第三方登录回调", auth.CallbackThirdParty)
	authRouter.Post("/bind", "绑定第三方账号", auth.BindThirdParty)
	authRouter.Post("/bind-register", "绑定并注册", auth.BindWithRegister)

	r.Extend("/auth", authRouter)

	// === Current user ===
	// No SkipBefore here, so these routes are expected to run behind the
	// global middleware registered on r.
	meRouter := vigo.NewRouter()
	meRouter.Get("/", "获取当前用户信息", auth.Me)
	meRouter.Patch("/", "更新当前用户信息", auth.UpdateMe)
	meRouter.Post("/change-password", "修改密码", auth.ChangePassword)

	// Third-party account bindings
	// NOTE(review): POST /me/bindings reuses auth.AuthorizeThirdParty, the
	// handler that is also mounted publicly at GET /auth/authorize/thirdparty.
	// The same handler is therefore reached both with and without an
	// authenticated user; confirm it tells "log in" apart from "bind to the
	// current account".
	meRouter.Get("/bindings", "第三方账号绑定列表", auth.ListBindings)
	meRouter.Post("/bindings", "绑定第三方账号", auth.AuthorizeThirdParty)
	meRouter.Delete("/bindings/{provider}", "解绑第三方账号", auth.UnbindThirdParty)

	r.Extend("/me", meRouter)

	// === User management ===
	// NOTE(review): no role or permission middleware is registered here; only
	// the global AuthRequired and OrgContext apply. Authorization for create,
	// update, delete and status changes must be enforced by that middleware or
	// inside the user handlers; confirm.
	userRouter := vigo.NewRouter()
	userRouter.Get("/", "用户列表", user.List)
	userRouter.Post("/", "创建用户", user.Create)
	userRouter.Get("/{user_id}", "获取用户详情", user.Get)
	userRouter.Patch("/{user_id}", "更新用户", user.Update)
	userRouter.Delete("/{user_id}", "删除用户", user.Delete)
	userRouter.Patch("/{user_id}/status", "更新用户状态", user.UpdateStatus)

	r.Extend("/users", userRouter)

	// === Organisation management ===
	orgRouter := vigo.NewRouter()
	orgRouter.Get("/", "组织列表", org.List)
	orgRouter.Post("/", "创建组织", org.Create)
	orgRouter.Get("/{org_id}", "获取组织详情", org.Get)
	orgRouter.Patch("/{org_id}", "更新组织", org.Update)
	orgRouter.Delete("/{org_id}", "删除组织", org.Delete)
	// NOTE(review): "/tree" is registered after "/{org_id}". Whether the static
	// segment wins depends on vigo's matching rules; confirm GET /orgs/tree
	// reaches org.Tree and not org.Get with org_id "tree".
	orgRouter.Get("/tree", "组织树", org.Tree)
	orgRouter.Get("/{org_id}/members", "组织成员列表", org.ListMembers)

	r.Extend("/orgs", orgRouter)

	// === OAuth 2.0 server ===
	oauthRouter := vigo.NewRouter()
	// Public OAuth endpoints
	// NOTE(review): with SkipBefore, /revoke, /introspect and /userinfo do not
	// pass through AuthRequired. Client authentication (RFC 7009, RFC 7662) and
	// bearer-token validation for /userinfo therefore have to happen inside the
	// oauth handlers; confirm.
	oauthRouter.Use(vigo.SkipBefore)
	oauthRouter.Get("/authorize", "授权端点", oauth.Authorize)
	oauthRouter.Post("/token", "令牌端点", oauth.Token)
	oauthRouter.Post("/revoke", "撤销令牌", oauth.Revoke)
	oauthRouter.Post("/introspect", "令牌内省", oauth.Introspect)
	oauthRouter.Get("/userinfo", "用户信息(OIDC)", oauth.UserInfo)
	oauthRouter.Get("/.well-known/openid-configuration", "OIDC发现文档", oauth.Discovery)
	oauthRouter.Get("/jwks", "JWKS公钥", oauth.JWKS)

	r.Extend("/oauth", oauthRouter)

	// OAuth client management
	// NOTE(review): this router is mounted at /oauth/clients, below the /oauth
	// prefix whose router registers SkipBefore. Confirm that the skip does not
	// extend to this subtree; if it does, client creation, deletion and secret
	// regeneration would run without AuthRequired. A routing test that expects
	// an unauthenticated request to /oauth/clients to be rejected would pin this.
	oauthClientRouter := vigo.NewRouter()
	oauthClientRouter.Get("/", "OAuth客户端列表", oauth.ListClients)
	oauthClientRouter.Post("/", "创建OAuth客户端", oauth.CreateClient)
	oauthClientRouter.Get("/{client_id}", "获取客户端详情", oauth.GetClient)
	oauthClientRouter.Patch("/{client_id}", "更新OAuth客户端", oauth.UpdateClient)
	oauthClientRouter.Delete("/{client_id}", "删除OAuth客户端", oauth.DeleteClient)
	oauthClientRouter.Post("/{client_id}/regenerate-secret", "重新生成密钥", oauth.RegenerateSecret)

	r.Extend("/oauth/clients", oauthClientRouter)

	return r
}