import { Controller, Get, Query, Request, Res, UseGuards } from '@nestjs/common';
import type { Response, Request as ExpressRequest } from 'express';
import { SkipTransform } from '@common/decorators/skip-transform.decorator';
import { AuditLogsService } from '../services/audit-logs.service';
import { handleMeetingAttendanceError } from '../errors/handle-controller-error';
import { getMeetingRoleFromUser, isMeetingAdminRole } from '../utils/meeting-roles';

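/**
 * Read-only HTTP endpoints for meeting-attendance audit logs, mounted at
 * `meeting-attendance/audit-logs`.
 *
 * Both routes authorise the caller inside the handler via `requireAdmin`.
 * No guard is declared on this class or on its routes.
 *
 * NOTE(review): `req.user` is not set anywhere in this file, so authentication
 * presumably happens in a global guard or middleware. Confirm that, because
 * without it every request is answered with 401.
 *
 * NOTE(review): `@SkipTransform()` presumably opts these routes out of a
 * response-transform interceptor; verify against the decorator.
 */
@Controller('meeting-attendance/audit-logs')
@SkipTransform()
export class MeetingAttendanceAuditLogsController {
  constructor(private readonly auditLogsService: AuditLogsService) {}

  /**
   * Lists audit-log entries for meeting-attendance administrators.
   *
   * @param query Parsed query string, forwarded to the service as-is.
   * @param req Express request; `req.user` identifies the caller.
   * @param res Express response, written to directly.
   * @returns The response object after a 200, 401, 403 or mapped error was sent.
   */
  @Get()
  async listAuditLogs(
    @Query() query: Record<string, unknown>,
    @Request() req: ExpressRequest,
    @Res() res: Response,
  ) {
    try {
      const actor = await this.requireAdmin(req, res);
      if (!actor) {
        // requireAdmin has already written the 401/403 response.
        return res;
      }

      // NOTE(review): the whole parsed query object is forwarded unchanged. Its
      // values come from the client and, depending on the query parser the app
      // is configured with, may be arrays or nested objects rather than strings.
      // AuditLogsService.listAuditLogs is not visible here, so confirm that it
      // whitelists keys and validates value types before building a data-store
      // filter from them. The `as any` cast hides any mismatch from the compiler.
      const result = await this.auditLogsService.listAuditLogs(query as any);
      return res.status(200).json(result);
    } catch (error) {
      return handleMeetingAttendanceError(res, error, 'Failed to fetch audit logs');
    }
  }

  /**
   * Returns aggregate audit-log statistics, optionally filtered by
   * `startDate`, `endDate` and `userId`.
   *
   * Each filter must be a plain string when present. Any other shape (repeated
   * or bracketed parameters) is rejected with 400 instead of being passed on.
   *
   * @param query Parsed query string; only the three filters above are read.
   * @param req Express request; `req.user` identifies the caller.
   * @param res Express response, written to directly.
   * @returns The response object after a 200, 400, 401, 403 or mapped error was sent.
   */
  @Get('stats')
  async getAuditStats(
    @Query() query: Record<string, unknown>,
    @Request() req: ExpressRequest,
    @Res() res: Response,
  ) {
    try {
      const actor = await this.requireAdmin(req, res);
      if (!actor) {
        // requireAdmin has already written the 401/403 response.
        return res;
      }

      // Validate only after authorisation, so callers without access learn
      // nothing about which parameters the endpoint accepts.
      const filters = this.parseStatsFilters(query);
      if (!filters) {
        return res.status(400).json({ error: 'Invalid query parameters' });
      }

      const result = await this.auditLogsService.getAuditLogStats(filters);
      return res.status(200).json(result);
    } catch (error) {
      return handleMeetingAttendanceError(res, error, 'Failed to fetch stats');
    }
  }

  /**
   * Extracts the stats filters from the parsed query string.
   *
   * @param query Parsed query string as supplied by the client.
   * @returns The three filters (each `undefined` when absent), or `null` when
   *   any of them is present but is not a string.
   */
  private parseStatsFilters(
    query: Record<string, unknown>,
  ): { startDate: string | undefined; endDate: string | undefined; userId: string | undefined } | null {
    const { startDate, endDate, userId } = query;
    const isOptionalString = (value: unknown): value is string | undefined =>
      value === undefined || typeof value === 'string';

    if (!isOptionalString(startDate) || !isOptionalString(endDate) || !isOptionalString(userId)) {
      return null;
    }
    return { startDate, endDate, userId };
  }

  /**
   * Checks that the caller is an authenticated meeting-attendance administrator.
   *
   * Writes the rejection itself: 401 when `req.user` has no id or no email,
   * 403 when the role derived from the user is not an admin role.
   *
   * @param req Express request carrying `user`.
   * @param res Express response used for the 401/403 rejections.
   * @returns The caller's id and email, or `null` once a rejection was sent.
   */
  private async requireAdmin(req: ExpressRequest, res: Response) {
    // The cast is a compile-time assertion only; nothing here checks the shape
    // of req.user at runtime.
    const user = req.user as
      | { userId?: string; id?: string; email?: string; roles?: Array<{ role?: { code?: string } } | string> }
      | undefined;
    const userId = user?.userId ?? user?.id;
    if (!userId || !user?.email) {
      res.status(401).json({ error: 'Unauthorized' });
      return null;
    }

    // The authorisation decision rests entirely on these two helpers.
    // NOTE(review): they are defined elsewhere; confirm that they read roles
    // from server-side session or token state, not from client-controlled fields.
    const role = getMeetingRoleFromUser(user);
    if (!isMeetingAdminRole(role)) {
      res
        .status(403)
        .json({ error: 'Insufficient permissions. Only meeting attendance administrators can view audit logs.' });
      return null;
    }
    return { id: userId, email: user.email };
  }
}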
