<?php

namespace App\Http\Controllers\Settings;

use App\Http\Controllers\Controller;
use Illuminate\Contracts\Pagination\LengthAwarePaginator;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Auth;
use Inertia\Inertia;
use Inertia\Response;

class SecurityController extends Controller
{
    /**
     * Render the Security center page.
     */
    public function index(Request $request): Response
    {
        // Provide a light payload; sessions loaded via separate endpoint
        return Inertia::render('settings/Security', [
            'twoFactorEnabled' => (bool) optional($request->user())->hasEnabledTwoFactorAuthentication(),
        ]);
    }

    /**
     * List active sessions for the current user (from database sessions table).
     */
    public function sessions(Request $request)
    {
        $userId = Auth::id();
        $rows = DB::table('sessions')
            ->where('user_id', $userId)
            ->orderByDesc('last_activity')
            ->limit(100)
            ->get(['id', 'ip_address', 'user_agent', 'last_activity']);

        // Format response
        $data = $rows->map(function ($r) use ($request) {
            $isCurrent = $request->session()->getId() === $r->id;
            return [
                'id' => $r->id,
                'ip' => $r->ip_address,
                'user_agent' => $r->user_agent,
                'last_activity' => $r->last_activity,
                'current' => $isCurrent,
            ];
        })->values();

        return response()->json(['data' => $data]);
    }

    /**
     * Revoke a specific session by ID (current user's session only)
     */
    public function revoke(Request $request, string $id)
    {
        $userId = Auth::id();
        $session = DB::table('sessions')->where('id', $id)->first();
        if (! $session || $session->user_id != $userId) {
            abort(404);
        }
        // Prevent revoking current session via this endpoint to avoid lockouts
        if ($request->session()->getId() === $id) {
            return response()->json(['message' => 'Cannot revoke current session via API.'], 422);
        }
        DB::table('sessions')->where('id', $id)->delete();
        return response()->json(['message' => 'Session revoked']);
    }
}