import DatabaseClient
import Dependencies
import Fluent
import SharedModels
import Vapor

// TODO: Add update and get by id.
struct UserApiController: RouteCollection {

  @Dependency(\.database.users) var users

  func boot(routes: any RoutesBuilder) throws {
    let unProtected = routes.apiUnprotected(route: "users")
    let protected = routes.apiProtected(route: "users")

    unProtected.post(use: create(req:))
    protected.get(use: index(req:))
    protected.get("login", use: login(req:))
    protected.group(":id") {
      $0.delete(use: delete(req:))
    }
  }

  @Sendable
  func index(req: Request) async throws -> [User] {
    try await users.fetchAll()
  }

  @Sendable
  func create(req: Request) async throws -> User {
    // Allow the first user to be created without authentication.
    let count = try await users.count()
    if count > 0 {
      guard req.auth.get(User.self) != nil else {
        throw Abort(.unauthorized)
      }
    }
    return try await users.create(req.content.decode(User.Create.self))
  }

  @Sendable
  func login(req: Request) async throws -> User.Token {
    let user = try req.auth.require(User.self)
    return try await users.token(user.id)
  }

  @Sendable
  func delete(req: Request) async throws -> HTTPStatus {
    try await users.delete(req.ensureIDPathComponent())
    return .ok
  }
}