<?php

namespace App\Actions\Fortify;

use App\Concerns\PasswordValidationRules;
use App\Models\User;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\Rule;
use Illuminate\Validation\ValidationException;
use Laravel\Fortify\Contracts\CreatesNewUsers;

class CreateNewUser implements CreatesNewUsers
{
    use PasswordValidationRules;

    /**
     * Validate and create a newly registered user.
     *
     * @param  array<string, string>  $input
     */
    public function create(array $input)
    {
        // Check if registration is enabled via admin site settings
        $siteSettings = \App\Models\AppSetting::get('site.settings', []);
        if (isset($siteSettings['registration_open']) && $siteSettings['registration_open'] === false) {
            throw ValidationException::withMessages([
                'email' => ['Die Registrierung ist derzeit deaktiviert.'],
            ]);
        }

        Validator::make($input, [
            'username'     => ['required', 'string', 'max:255', 'alpha_dash', Rule::unique(User::class)],
            'email'        => ['required', 'string', 'email', 'max:255', Rule::unique(User::class)],
            'first_name'   => ['required', 'string', 'max:255'],
            'last_name'    => ['required', 'string', 'max:255'],
            'birthdate'    => ['required', 'date', 'before:today'],
            'gender'       => ['required', 'string', Rule::in(['male', 'female', 'other'])],
            'phone'        => ['required', 'string', 'max:255'],
            'country'      => ['required', 'string', 'size:2'],
            'address_line1'=> ['required', 'string', 'max:255'],
            'address_line2'=> ['nullable', 'string', 'max:255'],
            'city'         => ['required', 'string', 'max:255'],
            'postal_code'  => ['required', 'string', 'max:255'],
            'currency'     => ['required', 'string', Rule::in(['EUR', 'USD', 'GBP', 'BTC'])],
            'password'     => $this->passwordRules(),
            'is_adult'     => ['accepted'],
            'terms_accepted' => ['accepted'],
        ])->validate();

        // Anti-Abuse: block if more than 3 accounts already registered from this IP in 24h
        $ip = request()->ip();
        if ($ip) {
            $recentCount = User::where('registration_ip', $ip)
                ->where('created_at', '>=', now()->subHours(24))
                ->count();

            if ($recentCount >= 3) {
                throw ValidationException::withMessages([
                    'email' => ['Too many accounts registered from this IP address. Please try again later.'],
                ]);
            }
        }

        return User::create([
            'username'      => $input['username'],
            'email'         => $input['email'],
            'first_name'    => $input['first_name'],
            'last_name'     => $input['last_name'],
            'name'          => ($input['first_name'] ?? '') . ' ' . ($input['last_name'] ?? ''),
            'birthdate'     => $input['birthdate'],
            'gender'        => $input['gender'],
            'phone'         => $input['phone'],
            'country'       => $input['country'],
            'address_line1' => $input['address_line1'],
            'address_line2' => $input['address_line2'] ?? '',
            'city'          => $input['city'],
            'postal_code'   => $input['postal_code'],
            'currency'      => $input['currency'],
            'is_adult'      => (bool)$input['is_adult'],
            'password'      => Hash::make($input['password']),
            'registration_ip' => $ip,
        ]);
    }
}