<?php

declare(strict_types=1);

namespace OCA\F7Support\Controller;

use OCA\F7Support\Service\ConfigService;
use OCA\F7Support\Service\PushBridgeService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\IUserManager;

/**
 * Webhook for support.f7cloud.ru: notify F7cloud user about a new support reply.
 *
 * Header: X-F7-Support-Push-Secret or X-F7-Push-Secret
 * JSON: { userId?, email?, ticketNumber, body?, messagePreview?, ticketSubject? }
 */
class PushApiController extends OCSController {
	public function __construct(
		string $appName,
		IRequest $request,
		private ConfigService $config,
		private PushBridgeService $pushBridge,
		private IUserManager $userManager,
	) {
		parent::__construct($appName, $request);
	}

	public function notify(): DataResponse {
		if (!$this->authorize()) {
			return new DataResponse(['error' => 'forbidden'], Http::STATUS_FORBIDDEN);
		}

		$params = $this->request->getParams();
		$userId = trim((string)($params['userId'] ?? $params['user'] ?? ''));
		if ($userId === '') {
			$email = trim((string)($params['email'] ?? $params['clientEmail'] ?? ''));
			if ($email !== '') {
				$user = $this->userManager->getByEmail($email);
				if ($user !== null) {
					$userId = $user->getUID();
				}
			}
		}

		$ticketNumber = trim((string)($params['ticketNumber'] ?? $params['ticket'] ?? ''));
		$preview = trim((string)($params['body'] ?? $params['messagePreview'] ?? $params['preview'] ?? ''));
		$ticketSubject = trim((string)($params['ticketSubject'] ?? $params['subject'] ?? ''));

		if ($userId === '' || $ticketNumber === '') {
			return new DataResponse(
				['error' => 'userId (or email) and ticketNumber required'],
				Http::STATUS_BAD_REQUEST
			);
		}

		if ($this->userManager->get($userId) === null) {
			return new DataResponse(['error' => 'user not found'], Http::STATUS_NOT_FOUND);
		}

		$queued = $this->pushBridge->notifyNewSupportMessage(
			$userId,
			$ticketNumber,
			$preview,
			$ticketSubject !== '' ? $ticketSubject : null,
		);

		return new DataResponse([
			'success' => $queued,
			'queued' => $queued,
		]);
	}

	private function authorize(): bool {
		$header = $this->request->getHeader('X-F7-Support-Push-Secret');
		if ($header === '') {
			$header = $this->request->getHeader('X-F7-Push-Secret');
		}
		if ($header === '') {
			$header = (string)$this->request->getParam('secret', '');
		}
		return $this->config->verifyPushWebhookSecret($header);
	}
}