const express = require("express");
const axios = require("axios");
const { log } = require("./logger");
const { saveToken, deleteToken } = require("./tokenStore");
const { createFulfillmentService } = require("./fulfillmentService");

const router = express.Router();

const CLIENT_ID = process.env.SHOPIFY_CLIENT_ID;
const CLIENT_SECRET = process.env.SHOPIFY_CLIENT_SECRET;

router.get("/auth/login", (req, res) => {
  const { shop } = req.query;

  if (!shop) {
    return res.status(400).json({ error: "Missing shop query parameter." });
  }

  const redirectUri = process.env.SHOPIFY_REDIRECT_URI || `${process.env.APP_URL || "http://localhost:3002"}/auth/callback`;
  const scopes = process.env.SHOPIFY_SCOPES || "write_products,write_files,write_inventory,write_publications";
  const installUrl = `https://${shop}/admin/oauth/authorize?client_id=${CLIENT_ID}&scope=${encodeURIComponent(scopes)}&redirect_uri=${encodeURIComponent(redirectUri)}`;

  return res.redirect(installUrl);
});

router.get("/auth/callback", async (req, res) => {
  const { shop, code } = req.query;

  if (!shop || !code) {
    log("general", `Missing shop or code in callback: ${JSON.stringify(req.query)}`);
    return res.status(400).send("Missing shop or code parameter.");
  }

  try {
    log(shop, "Exchanging OAuth code for access token");
    const resp = await axios.post(
      `https://${shop}/admin/oauth/access_token`,
      {
        client_id: CLIENT_ID,
        client_secret: CLIENT_SECRET,
        code,
      },
      {
        headers: { "Content-Type": "application/json" },
      }
    );

    const { access_token, scope } = resp.data;
    saveToken(shop, access_token, scope);
    log(shop, "Token saved to data/tokens.json");

    const fulfillment = await createFulfillmentService(shop, access_token);
    if (fulfillment?.success) {
      saveToken(shop, access_token, scope, fulfillment.fulfillmentService, fulfillment.locationId);
      log(shop, "Fulfillment service and location stored");
    } else {
      log(shop, `Fulfillment setup skipped/failed: ${JSON.stringify(fulfillment?.errors || fulfillment?.error || null)}`);
    }

    const redirectTarget = process.env.SHOPIFY_AFTER_AUTH_REDIRECT || "https://admin.shopify.com";
    return res.redirect(redirectTarget);
  } catch (err) {
    const errMsg = err.response?.data || err.message;
    log(shop, `OAuth error: ${JSON.stringify(errMsg)}`);
    return res.status(500).send("Failed to get access token");
  }
});

router.post("/auth/logout", (req, res) => {
  const { shop } = req.body || {};
  if (!shop) {
    return res.status(400).json({ error: "Missing shop." });
  }

  deleteToken(shop);
  log(shop, "Shop token removed");
  return res.json({ ok: true, shop });
});

module.exports = router;