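package main

import (
	"net/http"
	"strings"
	"time"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware"
	"github.com/go-chi/cors"
	"menu/handlers"
)

// NewServer builds the HTTP server for the menu API: it creates a chi router,
// installs request-ID, panic-recovery, logging and CORS middleware, binds the
// handlers.App methods to their routes, and returns an *http.Server listening
// on address.
//
// allowedOrigins is a comma-separated list of CORS origins. An empty value
// falls back to the wildcard "*" (see makeAllowedOrigins).
func NewServer(app *handlers.App, address string, allowedOrigins string) *http.Server {
	// Bounds how long a client may take to send request headers, so idle
	// connections cannot be held open indefinitely. ReadTimeout/WriteTimeout
	// are deliberately left unset: /api/orders/stream looks like a long-lived
	// streaming response that a write deadline would cut off (confirm).
	const readHeaderTimeout = 10 * time.Second

	r := chi.NewRouter()

	// Middleware
	r.Use(middleware.RequestID)
	r.Use(middleware.Recoverer)
	r.Use(middleware.Logger)

	origins := makeAllowedOrigins(allowedOrigins)

	// Browsers reject credentialed responses that carry a wildcard
	// Access-Control-Allow-Origin, and "any origin, with credentials" is not a
	// policy this API should offer. Credentials are therefore enabled only
	// when the origin list is explicit.
	allowCredentials := true
	for _, o := range origins {
		if o == "*" {
			allowCredentials = false
			break
		}
	}

	// NOTE(review): the routes below also register PUT and DELETE, which are
	// not in AllowedMethods, so cross-origin callers cannot use them. Confirm
	// whether that is intentional before widening the list.
	r.Use(cors.Handler(cors.Options{
		AllowedOrigins:   origins,
		AllowedMethods:   []string{"GET", "POST", "OPTIONS"},
		AllowedHeaders:   []string{"Accept", "Authorization", "Content-Type"},
		AllowCredentials: allowCredentials,
		MaxAge:           300,
	}))

	// Routes (bind methods to app).
	// NOTE(review): no authentication middleware is attached at router level
	// for this group; presumably each handler authenticates the caller itself.
	// Confirm this for the state-changing routes (POST /api/selection,
	// POST /api/orders, DELETE /api/orders/{id}).
	r.Post("/api/register", app.HandleRegister)
	r.Post("/api/login", app.HandleLogin)
	r.Get("/api/options", app.HandleOptions)
	r.Post("/api/selection", app.HandleSaveSelection)
	r.Get("/api/selection", app.HandleGetSelection)
	r.Get("/api/orders", app.HandleGetOrders)
	r.Post("/api/orders", app.HandleAddOrder)
	r.Get("/api/orders/stream", app.HandleOrdersStream)
	r.Delete("/api/orders/{id}", app.HandleDeleteOrder)
	r.Get("/api/me", app.HandleWhoAmI)
	r.Get("/api/finalize/time", app.HandleGetFinalizeTime)

	// Admin routes: only role 0 and 1 allowed. RequireLevel is defined on
	// handlers.App; its exact comparison is not visible from this file.
	r.Route("/api/admin", func(r chi.Router) {
		r.Use(app.RequireLevel(1))
		r.Post("/menu", app.HandleAdminMenu)
		r.Get("/menu", app.HandleGetMenuRaw)
		r.Get("/users", app.HandleGetUsers)
		r.Delete("/users/{id}", app.HandleDeleteUser)
		r.Put("/users/{id}", app.HandleUpdateUser)
		r.Get("/orders", app.HandleGetAllOrders)
		r.Put("/orders/{id}/status", app.HandleAdminUpdateOrderStatus)
		r.Delete("/orders/{id}", app.HandleAdminDeleteOrder)
		r.Get("/finalize/time", app.HandleGetFinalizeTime)
		r.Post("/finalize/time", app.HandleSetFinalizeTime)
		r.Post("/finalize/now", app.HandleFinalizeNow)
		r.Get("/finalize/last", app.HandleGetLastSummary)
	})

	// Moderators (role <= 50): menu editing and finalize controls only; the
	// user- and order-management routes stay under /api/admin.
	r.Route("/api/mod", func(r chi.Router) {
		r.Use(app.RequireLevel(50))
		r.Post("/menu", app.HandleAdminMenu) // menu editor
		r.Get("/menu", app.HandleGetMenuRaw)
		r.Get("/finalize/time", app.HandleGetFinalizeTime)
		r.Post("/finalize/time", app.HandleSetFinalizeTime)
		r.Post("/finalize/now", app.HandleFinalizeNow)
		r.Get("/finalize/last", app.HandleGetLastSummary)
	})

	// Return configured server
	return &http.Server{
		Addr:              address,
		Handler:           r,
		ReadHeaderTimeout: readHeaderTimeout,
	}
}

// makeAllowedOrigins turns a comma-separated origin list into the slice that
// cors.Options expects. Each entry is trimmed individually, so a value such as
// "https://a.example, https://b.example" does not leave a leading space on the
// second origin (which would never match a request's Origin header). Empty
// entries are dropped.
//
// When no origin remains, the result is the wildcard "*". That is a fail-open
// default: deployments that rely on cookies or Authorization headers should
// always pass an explicit list.
func makeAllowedOrigins(origins string) []string {
	var out []string
	for _, o := range strings.Split(origins, ",") {
		if o = strings.TrimSpace(o); o != "" {
			out = append(out, o)
		}
	}
	if len(out) == 0 {
		return []string{"*"}
	}
	return out
}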