import DatabaseClient
import Dependencies
import Fluent
import SharedModels
import Vapor

// TODO: Add update and get by id.
struct UserApiController: RouteCollection {

  @Dependency(\.database.users) var users

  func boot(routes: any RoutesBuilder) throws {
    let unProtected = routes.apiUnprotected(route: "users")
    let protected = routes.apiProtected(route: "users")

    unProtected.post(use: create(req:))
    protected.get(use: index(req:))
    protected.get("login", use: login(req:))
    protected.group(":id") {
      $0.delete(use: delete(req:))
    }
  }

  @Sendable
  func index(req: Request) async throws -> [User] {
    try await users.fetchAll()
  }

  @Sendable
  func create(req: Request) async throws -> User {
    // Allow the first user to be created without authentication.
    // let count = try await User.query(on: req.db).count()
    let count = try await users.count()
    if count > 0 {
      guard req.auth.get(User.self) != nil else {
        throw Abort(.unauthorized)
      }
    }
    return try await users.create(req.content.decode(User.Create.self))
  }

  @Sendable
  func login(req: Request) async throws -> User {
    let user = try req.auth.require(User.self)
    return user
    // return try await users.login(user)
  }

  // @Sendable
  // func get(req: Request) async throws -> User.DTO {
  //   guard let id = req.parameters.get("id", as: User.IDValue.self),
  //   let user = users.
  // }

  @Sendable
  func delete(req: Request) async throws -> HTTPStatus {
    // guard let id = req.parameters.get("id", as: User.IDValue.self) else {
    //   throw Abort(.badRequest, reason: "User id not provided")
    // }
    let id = try req.ensureIDPathComponent()
    try await users.delete(id)
    return .ok
  }
}