<?php namespace App\Http\Controllers\System;
/**
 * @copyright (c) 2025 Notsoweb Software (https://notsoweb.com) - All Rights Reserved
 */

use App\Http\Controllers\Controller;
use App\Models\Setting;
use App\Helpers\EncryptionHelper;
use App\Enums\SettingTypeEk;
use Illuminate\Http\Request;
use Illuminate\Routing\Controllers\HasMiddleware;

/**
 * Descripción
 */
class SettingsController extends Controller implements HasMiddleware
{
    public static function middleware(): array
    {
        return [
            self::can('system.settings', ['show', 'update']),
        ];
    }

    public function show()
    {
        $encryptedCredentials = Setting::value('repuve_federal_credentials');

        if (!$encryptedCredentials) {
            return response()->json([
                'success' => true,
                'data' => [
                    'username' => '',
                    'password_exists' => false
                ]
            ]);
        }

        $credentials = EncryptionHelper::decryptData($encryptedCredentials);

        return response()->json([
            'success' => true,
            'data' => [
                'username' => $credentials['username'] ?? '',
                'password' => $credentials['password'] ?? '',
                'password_exists' => !empty($credentials['password'])
            ]
        ]);
    }

    public function decrypt(Request $request)
    {
        $request->validate([
            'value'   => 'required|string',
            'app_key' => 'nullable|string',
        ]);

        if ($request->filled('app_key')) {
            try {
                $rawKey  = base64_decode(str_replace('base64:', '', $request->app_key));
                $encrypter = new \Illuminate\Encryption\Encrypter($rawKey, 'AES-256-CBC');
                $credentials = json_decode($encrypter->decryptString($request->value), true);
            } catch (\Exception $e) {
                return response()->json([
                    'success' => false,
                    'message' => 'No se pudo desencriptar con el APP_KEY proporcionado',
                    'error'   => $e->getMessage(),
                ], 422);
            }
        } else {
            $credentials = EncryptionHelper::decryptData($request->value);
        }

        if (!$credentials) {
            return response()->json([
                'success' => false,
                'message' => 'No se pudo desencriptar el valor proporcionado',
            ], 422);
        }

        return response()->json([
            'success' => true,
            'data' => $credentials,
        ]);
    }

    public function update(Request $request)
    {
        $validated = $request->validate([
            'username' => 'required|string|max:255',
            'password' => 'required|string|min:6|max:255',
        ]);

        // Preparar datos para encriptar
        $credentials = [
            'username' => $validated['username'],
            'password' => $validated['password']
        ];

        // Encriptar las credenciales
        $encryptedValue = EncryptionHelper::encryptData($credentials);

        // Guardar en BD (crea o actualiza automáticamente)
        Setting::value(
            key: 'repuve_federal_credentials',
            value: $encryptedValue,
            description: 'Credenciales encriptadas para REPUVE Federal',
            type_ek: SettingTypeEk::JSON
        );

        return response()->json([
            'success' => true,
            'message' => 'Credenciales guardadas correctamente',
            'data' => [
                'username' => $credentials['username'],
                'password_exists' => true
            ]
        ]);
    }
}