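using Budget.Core.Models;
using Budget.Infrastructure.Data;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace Budget.Api.Controllers;

/// <summary>
/// Endpoints that operate on the caller's own user record.
/// Every action requires an authenticated principal in the "admin" or "user" role.
/// </summary>
[ApiController]
[Route("api/users")]
[Authorize(Roles = "admin,user")]
public class UsersController(AppDbContext db) : ControllerBase
{
    /// <summary>
    /// Upserts the caller's <see cref="KnownUser"/> row from the token's "sub", "email" and
    /// "name" claims, then attaches pending budget shares addressed to that email to the caller.
    /// </summary>
    /// <returns>
    /// 401 when any of the three claims is missing or blank; otherwise 204 once the changes
    /// have been saved.
    /// </returns>
    [HttpPost("me")]
    public async Task<IActionResult> RegisterMe()
    {
        // NOTE(review): the short claim names are looked up as-is, which presumably relies on
        // inbound claim-type mapping being disabled in the authentication setup; confirm.
        var sub = User.FindFirst("sub")?.Value;
        var email = User.FindFirst("email")?.Value;
        var name = User.FindFirst("name")?.Value;

        // A blank "sub" would become a primary key and a blank "email" would be used to match
        // shares, so blank values are rejected together with missing ones.
        if (string.IsNullOrWhiteSpace(sub)
            || string.IsNullOrWhiteSpace(email)
            || string.IsNullOrWhiteSpace(name))
        {
            return Unauthorized();
        }

        var now = DateTimeOffset.UtcNow;
        var known = await db.KnownUsers.FindAsync(sub);
        if (known is null)
        {
            db.KnownUsers.Add(new KnownUser
            {
                Id = sub,
                Email = email,
                Name = name,
                LastSeenAt = now,
            });
        }
        else
        {
            // Refresh the profile fields on every call so they follow the identity provider.
            known.Email = email;
            known.Name = name;
            known.LastSeenAt = now;
        }

        // Binding a pending share grants access based on the "email" claim alone, so that claim
        // acts as an authorization credential here. When the identity provider explicitly marks
        // the address as unverified (OIDC "email_verified" = false) the shares are left pending.
        // NOTE(review): an absent "email_verified" claim keeps the previous behaviour because not
        // every provider emits it; if yours does, require the value "true" here instead.
        var emailVerified = User.FindFirst("email_verified")?.Value;
        var explicitlyUnverified =
            string.Equals(emailVerified, "false", StringComparison.OrdinalIgnoreCase);

        if (!explicitlyUnverified)
        {
            // NOTE(review): whether this equality is case-sensitive depends on the database
            // collation; confirm that SharedWithEmail is stored in the same normalised form as
            // the claim value.
            var pending = await db.BudgetShares
                .Where(s => s.IsPending && s.SharedWithEmail == email)
                .ToListAsync();

            foreach (var share in pending)
            {
                share.SharedWithUserId = sub;
                share.IsPending = false;
            }
        }

        // A single SaveChangesAsync call persists the user upsert and the share updates together.
        await db.SaveChangesAsync();
        return NoContent();
    }
}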