<?php

declare(strict_types=1);

namespace App\Http\Requests\Uploads;

use App\Models\Artwork;
use App\Repositories\Uploads\UploadSessionRepository;
use App\Services\Uploads\UploadTokenService;
use Illuminate\Foundation\Http\FormRequest;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

final class UploadFinishRequest extends FormRequest
{
    private ?Artwork $artwork = null;

    public function authorize(): bool
    {
        $user = $this->user();
        if (! $user) {
            $this->logUnauthorized('missing_user');
            $this->denyAsNotFound();
        }

        $sessionId = (string) $this->input('session_id');
        if ($sessionId === '') {
            $this->logUnauthorized('missing_session_id');
            $this->denyAsNotFound();
        }

        $sessions = $this->container->make(UploadSessionRepository::class);
        $session = $sessions->get($sessionId);
        if (! $session || $session->userId !== $user->id) {
            $this->logUnauthorized('not_owned_or_missing');
            $this->denyAsNotFound();
        }

        $token = $this->header('X-Upload-Token') ?: $this->input('upload_token');
        if ($token) {
            $tokens = $this->container->make(UploadTokenService::class);
            $payload = $tokens->get((string) $token);
            if (! $payload) {
                $this->logUnauthorized('invalid_token');
                $this->denyAsNotFound();
            }

            if (($payload['session_id'] ?? null) !== $sessionId) {
                $this->logUnauthorized('token_session_mismatch');
                $this->denyAsNotFound();
            }

            if ((int) ($payload['user_id'] ?? 0) !== (int) $user->id) {
                $this->logUnauthorized('token_user_mismatch');
                $this->denyAsNotFound();
            }
        }

        $artworkId = (int) $this->input('artwork_id');
        if ($artworkId <= 0) {
            $this->logUnauthorized('missing_artwork_id');
            $this->denyAsNotFound();
        }

        $archiveSessionId = (string) $this->input('archive_session_id');
        if ($archiveSessionId !== '') {
            $archiveSession = $sessions->get($archiveSessionId);
            if (! $archiveSession || $archiveSession->userId !== $user->id) {
                $this->logUnauthorized('archive_session_not_owned_or_missing');
                $this->denyAsNotFound();
            }
        }

        $additionalScreenshotSessions = $this->input('additional_screenshot_sessions', []);
        if (is_array($additionalScreenshotSessions)) {
            foreach ($additionalScreenshotSessions as $index => $payload) {
                $screenshotSessionId = (string) data_get($payload, 'session_id', '');
                if ($screenshotSessionId === '') {
                    continue;
                }

                $screenshotSession = $sessions->get($screenshotSessionId);
                if (! $screenshotSession || $screenshotSession->userId !== $user->id) {
                    $this->logUnauthorized('additional_screenshot_session_not_owned_or_missing');
                    logger()->warning('Upload finish additional screenshot session rejected', [
                        'index' => $index,
                        'session_id' => $screenshotSessionId,
                        'user_id' => $user->id,
                    ]);
                    $this->denyAsNotFound();
                }
            }
        }

        $artwork = Artwork::query()->find($artworkId);
        if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
            $this->logUnauthorized('artwork_not_owned_or_missing');
            $this->denyAsNotFound();
        }

        $this->artwork = $artwork;

        return true;
    }

    public function rules(): array
    {
        return [
            'session_id' => 'required|uuid',
            'artwork_id' => 'required|integer',
            'upload_token' => 'nullable|string|min:40|max:200',
            'file_name' => 'nullable|string|max:255',
            'archive_session_id' => 'nullable|uuid|different:session_id',
            'archive_file_name' => 'nullable|string|max:255',
            'additional_screenshot_sessions' => 'nullable|array|max:4',
            'additional_screenshot_sessions.*.session_id' => 'required|uuid|distinct|different:session_id|different:archive_session_id',
            'additional_screenshot_sessions.*.file_name' => 'nullable|string|max:255',
        ];
    }

    public function artwork(): Artwork
    {
        if (! $this->artwork) {
            $this->denyAsNotFound();
        }

        return $this->artwork;
    }

    private function denyAsNotFound(): void
    {
        throw new NotFoundHttpException();
    }

    private function logUnauthorized(string $reason): void
    {
        logger()->warning('Upload finish unauthorized access', [
            'reason' => $reason,
            'session_id' => (string) $this->input('session_id'),
            'artwork_id' => $this->input('artwork_id'),
            'user_id' => $this->user()?->id,
            'ip' => $this->ip(),
        ]);
    }
}