// Package internalhttp defines the frozen trusted internal HTTP contract used
// by Mail Service.
package internalhttp

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"io"
	"mime"
	"net/http"
	"strings"

	"galaxy/mail/internal/domain/common"
)

const (
	// LoginCodeDeliveriesPath is the dedicated trusted route used by
	// Auth / Session Service for auth login-code delivery intake.
	LoginCodeDeliveriesPath = "/api/v1/internal/login-code-deliveries"

	// IdempotencyKeyHeader is the required header that scopes auth-delivery
	// deduplication.
	IdempotencyKeyHeader = "Idempotency-Key"

	// ErrorCodeInvalidRequest identifies trusted validation failures.
	ErrorCodeInvalidRequest = "invalid_request"

	// ErrorCodeInternalError identifies trusted invariant failures.
	ErrorCodeInternalError = "internal_error"

	// ErrorCodeServiceUnavailable identifies trusted availability failures.
	ErrorCodeServiceUnavailable = "service_unavailable"

	// ErrorCodeConflict identifies conflicting idempotency replays.
	ErrorCodeConflict = "conflict"

	jsonMediaType = "application/json"
)

// LoginCodeDeliveryRequest stores the strict JSON body accepted on the frozen
// auth-delivery route before normalization.
type LoginCodeDeliveryRequest struct {
	// Email stores the destination e-mail address.
	Email string `json:"email"`

	// Code stores the exact login code generated by Auth / Session Service.
	Code string `json:"code"`

	// Locale stores the caller-selected BCP 47 language tag.
	Locale string `json:"locale"`
}

// LoginCodeDeliveryCommand stores the normalized auth-delivery request shape
// that later Mail Service handlers and services can consume directly.
type LoginCodeDeliveryCommand struct {
	// IdempotencyKey stores the caller-owned stable deduplication key.
	IdempotencyKey common.IdempotencyKey

	// Email stores the normalized recipient address.
	Email common.Email

	// Code stores the exact login code after boundary validation.
	Code string

	// Locale stores the canonical BCP 47 language tag.
	Locale common.Locale
}

// Validate reports whether command satisfies the frozen auth-delivery
// contract.
func (command LoginCodeDeliveryCommand) Validate() error {
	if err := command.IdempotencyKey.Validate(); err != nil {
		return fmt.Errorf("idempotency key: %w", err)
	}
	if err := command.Email.Validate(); err != nil {
		return fmt.Errorf("email: %w", err)
	}
	if strings.TrimSpace(command.Code) == "" {
		return errors.New("code must not be empty")
	}
	if strings.TrimSpace(command.Code) != command.Code {
		return errors.New("code must not contain surrounding whitespace")
	}
	if err := command.Locale.Validate(); err != nil {
		return fmt.Errorf("locale: %w", err)
	}

	return nil
}

// Fingerprint returns the stable auth-delivery idempotency fingerprint of
// command.
func (command LoginCodeDeliveryCommand) Fingerprint() (string, error) {
	if err := command.Validate(); err != nil {
		return "", err
	}

	normalized := struct {
		IdempotencyKey string `json:"idempotency_key"`
		Email          string `json:"email"`
		Code           string `json:"code"`
		Locale         string `json:"locale"`
	}{
		IdempotencyKey: command.IdempotencyKey.String(),
		Email:          command.Email.String(),
		Code:           command.Code,
		Locale:         command.Locale.String(),
	}

	payload, err := json.Marshal(normalized)
	if err != nil {
		return "", fmt.Errorf("marshal login code delivery fingerprint: %w", err)
	}

	sum := sha256.Sum256(payload)

	return "sha256:" + hex.EncodeToString(sum[:]), nil
}

// LoginCodeDeliveryOutcome identifies the stable successful auth-delivery
// intake outcomes.
type LoginCodeDeliveryOutcome string

const (
	// LoginCodeDeliveryOutcomeSent reports durable acceptance into the internal
	// mail-delivery pipeline.
	LoginCodeDeliveryOutcomeSent LoginCodeDeliveryOutcome = "sent"

	// LoginCodeDeliveryOutcomeSuppressed reports intentional outward delivery
	// suppression while keeping the auth flow success-shaped.
	LoginCodeDeliveryOutcomeSuppressed LoginCodeDeliveryOutcome = "suppressed"
)

// IsKnown reports whether outcome belongs to the frozen auth success surface.
func (outcome LoginCodeDeliveryOutcome) IsKnown() bool {
	switch outcome {
	case LoginCodeDeliveryOutcomeSent, LoginCodeDeliveryOutcomeSuppressed:
		return true
	default:
		return false
	}
}

// LoginCodeDeliveryResponse stores the stable successful auth-delivery
// response body.
type LoginCodeDeliveryResponse struct {
	// Outcome stores the stable coarse acceptance result.
	Outcome LoginCodeDeliveryOutcome `json:"outcome"`
}

// Validate reports whether response satisfies the frozen success contract.
func (response LoginCodeDeliveryResponse) Validate() error {
	if !response.Outcome.IsKnown() {
		return fmt.Errorf("login code delivery outcome %q is unsupported", response.Outcome)
	}

	return nil
}

// ErrorResponse stores the stable trusted error envelope used by Mail Service.
type ErrorResponse struct {
	// Error stores the stable trusted error body.
	Error ErrorBody `json:"error"`
}

// Validate reports whether response satisfies the frozen trusted error
// envelope contract.
func (response ErrorResponse) Validate() error {
	return response.Error.Validate()
}

// ErrorBody stores the stable trusted error shape returned by Mail Service.
type ErrorBody struct {
	// Code stores the stable machine-readable error code.
	Code string `json:"code"`

	// Message stores the trusted human-readable error message.
	Message string `json:"message"`
}

// Validate reports whether body contains a complete trusted error payload.
func (body ErrorBody) Validate() error {
	switch {
	case strings.TrimSpace(body.Code) == "":
		return errors.New("error code must not be empty")
	case strings.TrimSpace(body.Code) != body.Code:
		return errors.New("error code must not contain surrounding whitespace")
	case strings.TrimSpace(body.Message) == "":
		return errors.New("error message must not be empty")
	default:
		return nil
	}
}

// DecodeLoginCodeDeliveryCommand validates one trusted HTTP request and
// returns the normalized auth-delivery command shape frozen by Stage 04.
func DecodeLoginCodeDeliveryCommand(request *http.Request) (LoginCodeDeliveryCommand, error) {
	if request == nil {
		return LoginCodeDeliveryCommand{}, errors.New("login code delivery request must not be nil")
	}

	if err := validateJSONContentType(request.Header.Get("Content-Type")); err != nil {
		return LoginCodeDeliveryCommand{}, err
	}

	idempotencyKey, err := parseIdempotencyKey(request.Header.Get(IdempotencyKeyHeader))
	if err != nil {
		return LoginCodeDeliveryCommand{}, err
	}

	body, err := decodeLoginCodeDeliveryRequest(request.Body)
	if err != nil {
		return LoginCodeDeliveryCommand{}, err
	}

	command := LoginCodeDeliveryCommand{
		IdempotencyKey: idempotencyKey,
		Email:          common.Email(strings.TrimSpace(body.Email)),
		Code:           body.Code,
	}

	locale, err := common.ParseLocale(strings.TrimSpace(body.Locale))
	if err != nil {
		return LoginCodeDeliveryCommand{}, fmt.Errorf("locale: %w", err)
	}
	command.Locale = locale

	if err := command.Validate(); err != nil {
		return LoginCodeDeliveryCommand{}, err
	}

	return command, nil
}

func decodeLoginCodeDeliveryRequest(body io.ReadCloser) (LoginCodeDeliveryRequest, error) {
	if body == nil {
		return LoginCodeDeliveryRequest{}, errors.New("request body must not be nil")
	}
	defer body.Close()

	payload, err := io.ReadAll(body)
	if err != nil {
		return LoginCodeDeliveryRequest{}, fmt.Errorf("read request body: %w", err)
	}

	decoder := json.NewDecoder(bytes.NewReader(payload))
	decoder.DisallowUnknownFields()

	var request LoginCodeDeliveryRequest
	if err := decoder.Decode(&request); err != nil {
		return LoginCodeDeliveryRequest{}, fmt.Errorf("decode request body: %w", err)
	}
	if err := decoder.Decode(&struct{}{}); err != io.EOF {
		if err == nil {
			return LoginCodeDeliveryRequest{}, errors.New("decode request body: unexpected trailing JSON input")
		}

		return LoginCodeDeliveryRequest{}, fmt.Errorf("decode request body: %w", err)
	}

	return request, nil
}

func parseIdempotencyKey(value string) (common.IdempotencyKey, error) {
	switch {
	case strings.TrimSpace(value) == "":
		return "", errors.New("Idempotency-Key header must not be empty")
	case strings.TrimSpace(value) != value:
		return "", errors.New("Idempotency-Key header must not contain surrounding whitespace")
	default:
		key := common.IdempotencyKey(value)
		if err := key.Validate(); err != nil {
			return "", fmt.Errorf("idempotency key: %w", err)
		}

		return key, nil
	}
}

func validateJSONContentType(value string) error {
	mediaType, _, err := mime.ParseMediaType(value)
	if err != nil {
		return fmt.Errorf("Content-Type must be %s", jsonMediaType)
	}
	if mediaType != jsonMediaType {
		return fmt.Errorf("Content-Type must be %s", jsonMediaType)
	}

	return nil
}