<?php

namespace App\Http\Middleware;

use App\Services\Security\CaptchaVerifier;
use cPad\Plugins\Forum\Services\Security\BotProtectionService;
use Closure;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Validation\ValidationException;
use Symfony\Component\HttpFoundation\Response;

class ForumBotProtectionMiddleware
{
    public function __construct(
        private readonly BotProtectionService $botProtectionService,
        private readonly CaptchaVerifier $captchaVerifier,
    ) {
    }

    public function handle(Request $request, Closure $next, string $action = 'generic'): Response|RedirectResponse|JsonResponse
    {
        if (! (bool) config('forum_bot_protection.enabled', true)) {
            return $next($request);
        }

        if ($this->shouldBypassForLocalE2E($request)) {
            return $next($request);
        }

        $assessment = $this->botProtectionService->assess($request, $action);
        $request->attributes->set('forum_bot_assessment', $assessment);

        if ($this->requiresCaptcha($assessment, $action)) {
            $captcha = $this->captchaVerifier->frontendConfig();
            $tokenInput = (string) ($captcha['inputName'] ?? $this->captchaVerifier->inputName());
            $token = (string) (
                $request->input($tokenInput)
                ?: $request->header('X-Captcha-Token', '')
                ?: $request->header('X-Turnstile-Token', '')
            );

            if (! $this->captchaVerifier->verify($token, $request->ip())) {
                $message = (string) config('forum_bot_protection.captcha.message', 'Complete the captcha challenge to continue.');

                if ($request->expectsJson()) {
                    return response()->json([
                        'message' => $message,
                        'errors' => [
                            'captcha' => [$message],
                        ],
                        'requires_captcha' => true,
                        'captcha' => $captcha,
                        'captcha_provider' => (string) ($captcha['provider'] ?? $this->captchaVerifier->provider()),
                        'captcha_site_key' => (string) ($captcha['siteKey'] ?? ''),
                        'captcha_input' => (string) ($captcha['inputName'] ?? $tokenInput),
                        'captcha_script_url' => (string) ($captcha['scriptUrl'] ?? ''),
                    ], 422);
                }

                return redirect()->back()
                    ->withInput($request->except(['password', 'current_password', 'new_password', 'new_password_confirmation', $tokenInput]))
                    ->withErrors(['captcha' => $message])
                    ->with('bot_captcha_required', true)
                    ->with('bot_turnstile_required', true);
            }

            $request->attributes->set('forum_bot_captcha_verified', true);
        }

        if ((bool) ($assessment['blocked'] ?? false)) {
            $message = 'Suspicious activity detected.';

            if ($request->expectsJson()) {
                return response()->json([
                    'message' => $message,
                    'errors' => [
                        'bot' => [$message],
                    ],
                ], 429);
            }

            throw ValidationException::withMessages([
                'bot' => [$message],
            ]);
        }

        return $next($request);
    }

    private function requiresCaptcha(array $assessment, string $action): bool
    {
        if (! $this->captchaVerifier->isEnabled()) {
            return false;
        }

        if ((int) ($assessment['risk_score'] ?? 0) < (int) config('forum_bot_protection.thresholds.captcha', 60)) {
            return false;
        }

        return in_array($action, (array) config('forum_bot_protection.captcha.actions', []), true);
    }

    private function shouldBypassForLocalE2E(Request $request): bool
    {
        if (! app()->environment(['local', 'testing'])) {
            return false;
        }

        if ($request->cookies->get('e2e_bot_bypass') === '1') {
            return true;
        }

        $userAgent = strtolower((string) $request->userAgent());

        return str_contains($userAgent, 'headlesschrome') || str_contains($userAgent, 'playwright');
    }
}