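use crate::{ApiResponse, error::ApiError};
use actix_web::{HttpResponse, Result, web};
use service::AppService;
use service::auth::totp::{
    Disable2FAParams, Enable2FAResponse, Get2FAStatusResponse, Verify2FAParams,
};
use session::Session;

// NOTE(review): the type arguments on `web::Data`, `web::Json` and `Result` below were
// missing from the listing and are reconstructed from the imports above and from the
// `request_body` types declared in each `#[utoipa::path]`; confirm them against the
// repository. The `body = ApiResponse` entries are left exactly as found.

/// Start two-factor enrollment for the calling session.
///
/// Passes the session to the service's `auth_2fa_enable` and wraps the returned
/// `Enable2FAResponse` in the standard `ApiResponse` envelope.
///
/// # Errors
///
/// Any error returned by the service call is propagated with `?`.
#[utoipa::path(
    post,
    path = "/api/auth/2fa/enable",
    responses(
        (status = 200, description = "2FA setup initiated", body = Enable2FAResponse),
        (status = 401, description = "Unauthorized"),
        (status = 409, description = "2FA already enabled"),
        (status = 500, description = "Internal server error"),
        (status = 404, description = "Not found", body = ApiResponse),
    ),
    tag = "Auth"
)]
pub async fn api_2fa_enable(
    service: web::Data<AppService>,
    session: Session,
) -> Result<HttpResponse, ApiError> {
    // This handler performs no authentication or state check of its own: the documented
    // 401 and 409 have to originate in the `Session` extractor or in the service call.
    // NOTE(review): `Enable2FAResponse` presumably carries the enrollment secret or
    // provisioning URI — confirm; if so, the response should be excluded from
    // request/response logging and served with caching disabled.
    let resp = service.auth_2fa_enable(&session).await?;
    Ok(ApiResponse::ok(resp).to_response())
}

/// Confirm a pending two-factor enrollment with a code supplied by the caller.
///
/// Unwraps the JSON body into `Verify2FAParams` and passes it, together with the
/// session, to the service's `auth_2fa_verify_and_enable`.
///
/// # Errors
///
/// Any error returned by the service call is propagated with `?`.
#[utoipa::path(
    post,
    path = "/api/auth/2fa/verify",
    request_body = Verify2FAParams,
    responses(
        (status = 200, description = "2FA verified and enabled"),
        (status = 401, description = "Unauthorized or invalid code"),
        (status = 400, description = "2FA not set up"),
        (status = 500, description = "Internal server error"),
        (status = 404, description = "Not found", body = ApiResponse),
    ),
    tag = "Auth"
)]
pub async fn api_2fa_verify(
    service: web::Data<AppService>,
    session: Session,
    params: web::Json<Verify2FAParams>,
) -> Result<HttpResponse, ApiError> {
    // NOTE(review): no attempt limiting is visible at this layer. One-time codes are
    // short, so confirm that the service or a middleware throttles repeated failures
    // per account and that failed verifications are logged for detection.
    service
        .auth_2fa_verify_and_enable(&session, params.into_inner())
        .await?;
    Ok(crate::api_success())
}

/// Turn two-factor authentication off for the calling session's account.
///
/// Unwraps the JSON body into `Disable2FAParams` and passes it, together with the
/// session, to the service's `auth_2fa_disable`.
///
/// # Errors
///
/// Any error returned by the service call is propagated with `?`.
#[utoipa::path(
    post,
    path = "/api/auth/2fa/disable",
    request_body = Disable2FAParams,
    responses(
        (status = 200, description = "2FA disabled"),
        (status = 401, description = "Unauthorized"),
        (status = 400, description = "2FA not enabled or invalid code/password"),
        (status = 500, description = "Internal server error"),
        (status = 404, description = "Not found", body = ApiResponse),
    ),
    tag = "Auth"
)]
pub async fn api_2fa_disable(
    service: web::Data<AppService>,
    session: Session,
    params: web::Json<Disable2FAParams>,
) -> Result<HttpResponse, ApiError> {
    // Removing a second factor lowers the account's protection, so the re-verification
    // implied by the documented "invalid code/password" response is the control that
    // matters here. NOTE(review): the fields of `Disable2FAParams` are not visible in
    // this file — confirm the service rejects requests that omit the code/password
    // rather than treating them as optional.
    // NOTE(review): a wrong code is documented as 401 on /verify but as 400 here;
    // alerting that counts 401s would not see failed disable attempts — confirm this
    // difference is intended.
    service
        .auth_2fa_disable(&session, params.into_inner())
        .await?;
    Ok(crate::api_success())
}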
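// NOTE(review): the type arguments on `web::Data` and `Result` below were missing from
// the listing and are reconstructed from the names this file imports (`AppService`,
// `HttpResponse`, `ApiError`); confirm them against the repository.

/// Report the two-factor state of the calling session's account.
///
/// Passes the session to the service's `auth_2fa_status` and wraps the returned
/// `Get2FAStatusResponse` in the standard `ApiResponse` envelope.
///
/// # Errors
///
/// Any error returned by the service call is propagated with `?`.
#[utoipa::path(
    post,
    path = "/api/auth/2fa/status",
    responses(
        (status = 200, description = "2FA status", body = Get2FAStatusResponse),
        (status = 401, description = "Unauthorized"),
        (status = 500, description = "Internal server error"),
        (status = 404, description = "Not found", body = ApiResponse),
    ),
    tag = "Auth"
)]
pub async fn api_2fa_status(
    service: web::Data<AppService>,
    session: Session,
) -> Result<HttpResponse, ApiError> {
    // The handler does no authentication check itself; the documented 401 has to come
    // from the `Session` extractor or from the service call.
    // NOTE(review): the lookup is keyed only by the session passed in, as far as this
    // file shows — confirm the service cannot be made to report another account's state.
    let resp = service.auth_2fa_status(&session).await?;
    Ok(ApiResponse::ok(resp).to_response())
}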