"use client";

import { useEffect, useState } from "react";
import { AppShell } from "../../../components/app-shell";
import { apiFetch } from "@/lib/api";

type ApiResponse<T> = {
  data: T;
  meta: { timestamp: string; version: "v1" };
  error: null | { message: string; code?: string };
};

type TwoFaGenerateData = { qrCode: string; otpAuthUrl: string };
type UserData = { user: { twoFactorEnabled: boolean } };

export default function TwoFAPage() {
  const [enabled, setEnabled] = useState<boolean | null>(null);
  const [qrCode, setQrCode] = useState<string>("");
  const [otpAuthUrl, setOtpAuthUrl] = useState<string>("");
  const [token, setToken] = useState("");
  const [status, setStatus] = useState("");
  const [isError, setIsError] = useState(false);
  const [step, setStep] = useState<"idle" | "scan" | "done">("idle");

  useEffect(() => {
    apiFetch<UserData["user"]>("/api/auth/me")
      .then((res) => {
        if (!res.error && res.data) {
          // me returns { user: {...} }
          const data = res.data as unknown as UserData;
          setEnabled(data.user?.twoFactorEnabled ?? false);
        }
      })
      .catch(() => {});
  }, []);

  const handleGenerate = async () => {
    setStatus("Generating QR code...");
    setIsError(false);
    const res = await apiFetch<TwoFaGenerateData>("/api/2fa/generate", { method: "POST" });
    if (res.error) {
      setStatus(res.error.message ?? "Failed to generate 2FA secret.");
      setIsError(true);
      return;
    }
    setQrCode(res.data.qrCode);
    setOtpAuthUrl(res.data.otpAuthUrl);
    setStep("scan");
    setStatus("Scan the QR code with your authenticator app, then enter the code below.");
  };

  const handleEnable = async (event: React.FormEvent) => {
    event.preventDefault();
    if (!token || token.length !== 6) {
      setStatus("Please enter the 6-digit code.");
      setIsError(true);
      return;
    }
    setStatus("Verifying...");
    setIsError(false);
    const res = await apiFetch<{ message: string }>("/api/2fa/enable", {
      method: "POST",
      body: JSON.stringify({ token }),
    });
    if (res.error) {
      setStatus(res.error.message ?? "Verification failed. Try again.");
      setIsError(true);
      return;
    }
    setEnabled(true);
    setStep("done");
    setStatus("Two-factor authentication is now active.");
  };

  const handleDisable = async (event: React.FormEvent) => {
    event.preventDefault();
    if (!token || token.length !== 6) {
      setStatus("Please enter the 6-digit code to confirm.");
      setIsError(true);
      return;
    }
    setStatus("Disabling 2FA...");
    setIsError(false);
    const res = await apiFetch<{ message: string }>("/api/2fa/disable", {
      method: "DELETE",
      body: JSON.stringify({ token }),
    });
    if (res.error) {
      setStatus(res.error.message ?? "Failed. Check your authenticator code.");
      setIsError(true);
      return;
    }
    setEnabled(false);
    setToken("");
    setStep("idle");
    setStatus("Two-factor authentication has been disabled.");
  };

  return (
    <AppShell title="Two-Factor Auth" subtitle="Secure your account with a TOTP authenticator.">
      <div className="max-w-lg">
        <div className="glass-panel rounded-2xl p-8">
          {enabled === null ? (
            <div className="flex items-center justify-center py-8">
              <div className="h-8 w-8 rounded-full border-2 border-primary border-t-transparent animate-spin" />
            </div>
          ) : enabled ? (
            <>
              <div className="flex items-center gap-3 mb-6">
                <div className="h-10 w-10 rounded-full bg-primary/10 flex items-center justify-center">
                  <svg className="h-5 w-5 text-primary" fill="none" viewBox="0 0 24 24" stroke="currentColor">
                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M9 12l2 2 4-4m5.618-4.016A11.955 11.955 0 0112 2.944a11.955 11.955 0 01-8.618 3.04A12.02 12.02 0 003 9c0 5.591 3.824 10.29 9 11.622 5.176-1.332 9-6.03 9-11.622 0-1.042-.133-2.052-.382-3.016z" />
                  </svg>
                </div>
                <div>
                  <p className="text-sm font-bold text-foreground">2FA is Active</p>
                  <p className="text-xs text-muted-foreground">Your account is protected with TOTP.</p>
                </div>
              </div>

              <p className="text-sm text-muted-foreground mb-6">
                To disable two-factor authentication, enter the current code from your authenticator app.
              </p>

              <form onSubmit={handleDisable} className="space-y-4">
                <div>
                  <label className="block text-sm font-medium text-foreground mb-1">Authenticator Code</label>
                  <input
                    type="text" inputMode="numeric" maxLength={6} placeholder="000000"
                    value={token} onChange={(e) => setToken(e.target.value.replace(/\D/g, ""))}
                    className="block w-full rounded-lg border border-border bg-background/50 px-3 py-2 text-sm text-center tracking-widest focus:border-primary focus:outline-none focus:ring-primary transition-all"
                    required
                  />
                </div>
                <button
                  type="submit"
                  className="w-full rounded-lg border border-red-500/30 bg-red-500/10 py-2.5 px-4 text-sm font-bold text-red-500 hover:bg-red-500/20 transition-all"
                >
                  Disable 2FA
                </button>
              </form>
            </>
          ) : step === "idle" ? (
            <>
              <div className="flex items-center gap-3 mb-6">
                <div className="h-10 w-10 rounded-full bg-secondary flex items-center justify-center">
                  <svg className="h-5 w-5 text-muted-foreground" fill="none" viewBox="0 0 24 24" stroke="currentColor">
                    <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M12 15v2m-6 4h12a2 2 0 002-2v-6a2 2 0 00-2-2H6a2 2 0 00-2 2v6a2 2 0 002 2zm10-10V7a4 4 0 00-8 0v4h8z" />
                  </svg>
                </div>
                <div>
                  <p className="text-sm font-bold text-foreground">2FA Not Enabled</p>
                  <p className="text-xs text-muted-foreground">Add an extra layer of protection.</p>
                </div>
              </div>
              <p className="text-sm text-muted-foreground mb-6">
                Use any TOTP authenticator app (Google Authenticator, Authy, 1Password) to generate login codes.
              </p>
              <button
                onClick={handleGenerate}
                className="w-full rounded-lg bg-primary py-2.5 px-4 text-sm font-bold text-primary-foreground hover:bg-primary/90 transition-all"
              >
                Enable Two-Factor Auth
              </button>
            </>
          ) : step === "scan" ? (
            <>
              <p className="text-sm font-bold text-foreground mb-2">Scan this QR code</p>
              <p className="text-xs text-muted-foreground mb-4">
                Open your authenticator app and scan the code below, or enter the key manually.
              </p>
              {qrCode && (
                <div className="flex justify-center mb-4 bg-white p-3 rounded-xl inline-block">
                  {/* eslint-disable-next-line @next/next/no-img-element */}
                  <img src={qrCode} alt="2FA QR Code" className="h-40 w-40" />
                </div>
              )}
              {otpAuthUrl && (
                <p className="text-[10px] text-muted-foreground break-all mb-4 font-mono bg-secondary/30 p-2 rounded">{otpAuthUrl}</p>
              )}
              <form onSubmit={handleEnable} className="space-y-4">
                <div>
                  <label className="block text-sm font-medium text-foreground mb-1">Enter code to confirm</label>
                  <input
                    type="text" inputMode="numeric" maxLength={6} placeholder="6-digit code"
                    value={token} onChange={(e) => setToken(e.target.value.replace(/\D/g, ""))}
                    className="block w-full rounded-lg border border-border bg-background/50 px-3 py-2 text-sm text-center tracking-widest focus:border-primary focus:outline-none focus:ring-primary transition-all"
                    required autoFocus
                  />
                </div>
                <button
                  type="submit"
                  className="w-full rounded-lg bg-primary py-2.5 px-4 text-sm font-bold text-primary-foreground hover:bg-primary/90 transition-all"
                >
                  Verify and Enable
                </button>
              </form>
            </>
          ) : (
            <div className="text-center py-4">
              <div className="mx-auto h-12 w-12 rounded-full bg-primary/10 flex items-center justify-center mb-4">
                <svg className="h-6 w-6 text-primary" fill="none" viewBox="0 0 24 24" stroke="currentColor">
                  <path strokeLinecap="round" strokeLinejoin="round" strokeWidth={2} d="M5 13l4 4L19 7" />
                </svg>
              </div>
              <p className="text-sm font-bold text-foreground">2FA Enabled Successfully</p>
              <p className="text-xs text-muted-foreground mt-1">Your account now requires a code on each login.</p>
            </div>
          )}

          {status && (
            <div className={`mt-4 rounded-lg p-3 text-sm text-center ${isError ? "bg-red-500/10 border border-red-500/20 text-red-400" : "bg-accent/10 border border-accent/20"}`}>
              {status}
            </div>
          )}
        </div>
      </div>
    </AppShell>
  );
}