import { authentikFetch, clearAuthentikCache } from '../../utils/authentik';
import { requireAuth } from '../../utils/auth';

// /api/applications/[id] - Handle GET, PUT, DELETE for specific application
// Note: [id] is actually the application slug for consistency with Authentik API
export default defineEventHandler(async (event) => {
  const method = getMethod(event);
  const slug = getRouterParam(event, 'id'); // This is actually a slug

  if (!slug) {
    throw createError({
      statusCode: 400,
      message: 'Application slug is required'
    });
  }

  switch (method) {
    case 'GET':
      // Make GET public for testing - no auth required
      try {
        const application = await authentikFetch(`/core/applications/${slug}/`);
        return application;
      } catch (error) {
        throw createError({
          statusCode: error.statusCode || 404,
          message: error.message || 'Application not found'
        });
      }

    case 'PUT':
      // Require authentication for updating applications
      await requireAuth(event);
      
      try {
        const body = await readBody(event);
        console.log('🔄 Updating application:', slug, body);
        
        // Prepare the update payload with all fields from frontend
        const updatePayload = {
          name: body.name,
          slug: body.slug,
          meta_description: body.meta_description || body.description,
          meta_publisher: body.meta_publisher || 'CorradAF RBAC',
          meta_launch_url: body.meta_launch_url || body.launchUrl
        };
        
        console.log('📦 Update payload:', updatePayload);
        
        const application = await authentikFetch(`/core/applications/${slug}/`, {
          method: 'PATCH', // Use PATCH instead of PUT to update only specified fields
          body: updatePayload
        });

        console.log('✅ Application updated successfully:', application.name);
        
        // Clear Authentik cache to ensure changes take effect immediately
        try {
          await clearAuthentikCache();
          console.log('✅ Cache cleared after application update');
        } catch (cacheError) {
          console.warn('⚠️ Cache clearing failed but application was updated:', cacheError.message);
          // Continue even if cache clearing fails
        }
        
        // Add success message to the response
        return {
          ...application,
          message: 'Application updated successfully'
        };
      } catch (error) {
        console.error('❌ Update failed:', error);
        throw createError({
          statusCode: error.statusCode || 500,
          message: error.message || 'Failed to update application'
        });
      }

    case 'DELETE':
      // Require authentication for deleting applications
      await requireAuth(event);
      
      try {
        console.log(`🗑️ Attempting to delete application with slug: ${slug}`);
        
        // Direct DELETE using slug (no extra GET request needed)
        await authentikFetch(`/core/applications/${slug}/`, {
          method: 'DELETE'
        });

        console.log(`✅ Successfully deleted application ${slug}`);
        
        // Clear Authentik cache to ensure changes take effect immediately
        try {
          await clearAuthentikCache();
          console.log('✅ Cache cleared after application deletion');
        } catch (cacheError) {
          console.warn('⚠️ Cache clearing failed but application was deleted:', cacheError.message);
          // Continue even if cache clearing fails
        }
        
        return { 
          success: true,
          message: 'Application deleted successfully' 
        };
      } catch (error) {
        console.error(`❌ Delete failed for application ${slug}:`, error);
        throw createError({
          statusCode: error.statusCode || 500,
          message: error.message || 'Failed to delete application'
        });
      }

    default:
      throw createError({
        statusCode: 405,
        message: 'Method not allowed'
      });
  }
});