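package handlers

import (
	"log"
	"net/http"
	"strconv"

	"github.com/gorilla/sessions"

	"threadr/models"
)

// AdminHandler returns the HTTP handler for the admin page.
//
// Authorization runs before any method handling: the request must carry a
// session whose "user_id" value is an int, and the matching user must hold
// models.PermManageUsers. A request without a user_id is redirected to the
// login page; a user without the permission gets 403.
//
// Supported requests:
//   - GET renders the "admin" template with the site settings and user list.
//   - POST with ?action=delete_user deletes the account named by the
//     "user_id" form value; deleting the caller's own account is refused.
//   - Any other POST stores the "allow_signup" checkbox state.
//   - Every other method gets 405.
//
// NOTE(review): no CSRF token is validated inside this handler, and both POST
// branches change state (account deletion, signup policy). Confirm that
// middleware in front of this handler enforces CSRF protection.
func AdminHandler(app *App) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		// Use the checked form of the type assertion: if the session
		// middleware was not applied to this route, the unchecked form would
		// panic inside the handler. Fail closed with a 500 instead.
		sess, found := r.Context().Value("session").(*sessions.Session)
		if !found || sess == nil {
			log.Printf("Error: session missing from request context in AdminHandler")
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			return
		}

		userID, ok := sess.Values["user_id"].(int)
		if !ok {
			// No authenticated user in the session.
			http.Redirect(w, r, app.Config.ThreadrDir+"/login/", http.StatusFound)
			return
		}

		user, err := models.GetUserByID(app.DB, userID)
		if err != nil {
			log.Printf("Error fetching user in AdminHandler: %v", err)
			http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			return
		}
		// The same permission gates viewing the page, changing settings and
		// deleting accounts.
		if user == nil || !models.HasGlobalPermission(user, models.PermManageUsers) {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}

		switch r.Method {
		case http.MethodPost:
			if r.URL.Query().Get("action") == "delete_user" {
				// r.FormValue consults the URL query as well as the body.
				targetID, err := strconv.Atoi(r.FormValue("user_id"))
				if err != nil || targetID <= 0 {
					http.Error(w, "Invalid user ID", http.StatusBadRequest)
					return
				}
				// Prevent an admin from removing the account they are
				// currently signed in with.
				if targetID == userID {
					http.Error(w, "Cannot delete your own account", http.StatusBadRequest)
					return
				}
				if err := models.DeleteUser(app.DB, targetID); err != nil {
					log.Printf("Error deleting user %d: %v", targetID, err)
					http.Error(w, "Failed to delete user", http.StatusInternalServerError)
					return
				}
				http.Redirect(w, r, app.Config.ThreadrDir+"/admin/?deleted=true", http.StatusFound)
				return
			}

			// NOTE(review): every POST whose action is not "delete_user"
			// lands here, including unrecognized actions. Such a request
			// carries no "allow_signup" field and therefore stores false.
			// Consider rejecting unknown actions once the set of actions the
			// admin template submits has been confirmed.
			allowSignup := r.FormValue("allow_signup") == "on"
			if err := models.SetAllowSignup(app.DB, allowSignup); err != nil {
				log.Printf("Error updating site settings in AdminHandler: %v", err)
				http.Error(w, "Failed to save settings", http.StatusInternalServerError)
				return
			}
			http.Redirect(w, r, app.Config.ThreadrDir+"/admin/?saved=true", http.StatusFound)

		case http.MethodGet:
			settings, err := models.GetSiteSettings(app.DB)
			if err != nil {
				log.Printf("Error fetching site settings in AdminHandler: %v", err)
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
				return
			}

			users, err := models.GetAllUsers(app.DB)
			if err != nil {
				log.Printf("Error fetching users in AdminHandler: %v", err)
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
				return
			}

			// The error is deliberately ignored: when the cookie is absent
			// r.Cookie returns a nil cookie, which the banner check below
			// treats as "not accepted yet".
			banner, _ := r.Cookie("threadr_cookie_banner")
			query := r.URL.Query()

			data := struct {
				PageData
				AllowSignup   bool
				ShowSuccess   bool
				ShowDeleted   bool
				Users         []models.User
				CurrentUserID int
			}{
				PageData: PageData{
					Title:            "ThreadR - Admin",
					Navbar:           "admin",
					LoggedIn:         true,
					IsAdmin:          true,
					AllowSignup:      settings.AllowSignup,
					ShowCookieBanner: banner == nil || banner.Value != "accepted",
					BasePath:         app.Config.ThreadrDir,
					StaticPath:       app.Config.ThreadrDir + "/static",
					CurrentURL:       r.URL.RequestURI(),
				},
				AllowSignup:   settings.AllowSignup,
				ShowSuccess:   query.Get("saved") == "true",
				ShowDeleted:   query.Get("deleted") == "true",
				Users:         users,
				CurrentUserID: userID,
			}

			if err := app.Tmpl.ExecuteTemplate(w, "admin", data); err != nil {
				log.Printf("Error executing template in AdminHandler: %v", err)
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
				return
			}

		default:
			http.Error(w, "Method Not Allowed", http.StatusMethodNotAllowed)
		}
	}
}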