<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\View\View;

class SetupPasswordController extends Controller
{
    public function create(Request $request): View
    {
        return view('auth.setup-password', [
            'email' => (string) ($request->user()?->email ?? ''),
        ]);
    }

    public function store(Request $request): RedirectResponse
    {
        $validated = $request->validate([
            'password' => [
                'required',
                'string',
                'min:10',
                'regex:/\d/',
                'regex:/[^\w\s]/',
                'confirmed',
            ],
        ], [
            'password.min' => 'Your password must be at least 10 characters.',
            'password.regex' => 'Your password must include at least one number and one symbol.',
            'password.confirmed' => 'Password confirmation does not match.',
        ]);

        $request->user()->forceFill([
            'password' => Hash::make((string) $validated['password']),
            'onboarding_step' => 'password',
            'needs_password_reset' => false,
        ])->save();

        return redirect('/setup/username')->with('status', 'Password saved. Choose your public username to finish setup.');
    }
}