import { Router } from 'express';
import { accessService } from '../services/access.js';
import { authenticate, requireCreator } from '../middleware/auth.js';
import { validateBody, verifyAccessSchema } from '../utils/validation.js';

const router = Router();

/**
 * POST /verify: token verification for embeds.
 *
 * No authentication middleware is attached to this route; the body is checked
 * by validateBody(verifyAccessSchema) before this handler runs. On success the
 * response carries the validity flag, the paywall's original URL and custom
 * success message, and the grant's expiry. Any thrown error is answered as
 * `{ valid: false, error }` with the error's statusCode, or 401 when it has none.
 *
 * NOTE(review): the catch branch reflects `err.message` to an unauthenticated
 * caller for every exception, including unexpected ones (for example a
 * TypeError when `paywall` is missing from the result). Consider a generic
 * message for errors that carry no statusCode, with the detail logged
 * server-side only.
 */
async function verifyAccessToken(req, res, next) {
  try {
    const { token, paywallId, deviceFingerprint } = req.body;
    const verification = await accessService.verifyAccess(token, paywallId, deviceFingerprint);

    const payload = {
      valid: verification.valid,
      originalUrl: verification.paywall.originalUrl,
      customSuccessMessage: verification.paywall.customSuccessMessage,
      expiresAt: verification.accessGrant.expiresAt,
    };
    res.json(payload);
  } catch (err) {
    // Structured failure so the caller can always read `valid`.
    const status = err.statusCode || 401;
    res.status(status).json({
      valid: false,
      error: err.message,
    });
  }
}

/**
 * GET /check/:paywallId: re-access check driven by per-paywall cookies.
 *
 * Tries the `access_token_<paywallId>` cookie first; if it is absent or fails
 * verification, falls back to the `token_id_<paywallId>` cookie. With neither,
 * the answer is `{ hasAccess: false }`.
 *
 * NOTE(review): verifyAccess is called here without a deviceFingerprint,
 * unlike POST /verify. Confirm the service does not skip device binding when
 * the fingerprint is omitted.
 */
async function checkExistingAccess(req, res, next) {
  try {
    const { paywallId } = req.params;

    // Cookie names are scoped per paywall.
    const accessToken = req.cookies?.[`access_token_${paywallId}`];
    const tokenId = req.cookies?.[`token_id_${paywallId}`];

    if (accessToken) {
      try {
        const verification = await accessService.verifyAccess(accessToken, paywallId);
        return res.json({
          hasAccess: true,
          originalUrl: verification.paywall.originalUrl,
          expiresAt: verification.accessGrant.expiresAt,
        });
      } catch {
        // Deliberate fall-through to the tokenId lookup below.
        // NOTE(review): this also hides non-token failures (e.g. a backend
        // error); consider logging them so outages are not mistaken for
        // invalid tokens.
      }
    }

    if (!tokenId) {
      return res.json({ hasAccess: false });
    }

    const cookieAccess = await accessService.checkAccessByCookie(tokenId, paywallId);
    return res.json(cookieAccess);
  } catch (err) {
    next(err);
  }
}

/**
 * POST /revoke/:accessGrantId: revoke a grant.
 *
 * Runs behind `authenticate` and `requireCreator`. The caller's id is handed
 * to the service together with the grant id, presumably so the service can
 * check ownership; verify that against revokeAccess.
 */
async function revokeAccessGrant(req, res, next) {
  try {
    const { accessGrantId } = req.params;
    const outcome = await accessService.revokeAccess(accessGrantId, req.user.id);
    res.json(outcome);
  } catch (err) {
    next(err);
  }
}

router.post('/verify', validateBody(verifyAccessSchema), verifyAccessToken);
router.get('/check/:paywallId', checkExistingAccess);
router.post('/revoke/:accessGrantId', authenticate, requireCreator, revokeAccessGrant);

// List access grants for a paywall (creator only)
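router.get('/paywall/:paywallId', authenticate, requireCreator, async (req, res, next) => {
  try {
    // NOTE(review): unlike revokeAccess in this file, getAccessByPaywall is not
    // given req.user.id. Confirm that requireCreator or the service checks that
    // the caller owns this paywall; otherwise any creator account could list
    // another creator's access grants.

    // Query values are client-controlled strings (or arrays/objects). Parse
    // them base-10, fall back to the defaults on anything that is not a
    // positive integer, and cap the page size so a single request cannot ask
    // for an unbounded result set. 100 is a ceiling chosen in review; adjust it
    // to what the UI needs.
    const page = parsePositiveInt(req.query.page, 1, Number.MAX_SAFE_INTEGER);
    const limit = parsePositiveInt(req.query.limit, 20, 100);

    const result = await accessService.getAccessByPaywall(req.params.paywallId, {
      page,
      limit,
    });
    res.json(result);
  } catch (error) {
    next(error);
  }
});

/**
 * Parse a query-string value as a positive base-10 integer.
 *
 * @param {unknown} value - Raw value taken from the query string.
 * @param {number} fallback - Returned when value is missing, not numeric, or below 1.
 * @param {number} max - Upper bound applied to the parsed value.
 * @returns {number} An integer in the range 1..max, or fallback.
 */
function parsePositiveInt(value, fallback, max) {
  const parsed = Number.parseInt(value, 10);
  if (!Number.isSafeInteger(parsed) || parsed < 1) {
    return fallback;
  }
  return Math.min(parsed, max);
}

export default router;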