package v1

import (
	"log"

	"github.com/gin-gonic/gin"
	swaggerFiles "github.com/swaggo/files"
	ginSwagger "github.com/swaggo/gin-swagger"

	"api-service/internal/config"
	authHandlers "api-service/internal/handlers/auth"
	bpjsPesertaHandlers "api-service/internal/handlers/bpjs/reference"
	retribusiHandlers "api-service/internal/handlers/retribusi"
	"api-service/internal/middleware"
	services "api-service/internal/services/auth"
)

// RegisterRoutes builds the gin engine for the service and wires every route
// under /api/v1, plus the Swagger UI under /swagger.
//
// Routes fall into two trust zones:
//   - public: login, register, refresh, and the two token-generation
//     endpoints; no middleware.AuthMiddleware in their chain.
//   - protected: /auth/me, the retribusi CRUD routes and the BPJS participant
//     lookup; all behind middleware.AuthMiddleware.
//
// The process is terminated with log.Fatal when services.NewAuthService
// returns nil, so this function only returns on success.
func RegisterRoutes(cfg *config.Config) *gin.Engine {
	engine := gin.New()

	// Global middleware, executed in this order for every request. Recovery is
	// last and therefore closest to the handlers: a handler panic is recovered
	// before control unwinds into Logger and ErrorHandler. Panics raised inside
	// the three middlewares listed before it are not covered by Recovery.
	engine.Use(
		middleware.CORSConfig(),
		middleware.ErrorHandler(),
		gin.Logger(),
		gin.Recovery(),
	)

	// The auth service backs every authentication handler; abort startup
	// rather than serve with a nil service.
	authSvc := services.NewAuthService(cfg)
	if authSvc == nil {
		log.Fatal("Failed to initialize auth service")
	}

	// Swagger UI.
	// NOTE(review): registered unconditionally and outside the authenticated
	// group, so the full API description is reachable without credentials in
	// every environment. Confirm this is intended for production, or gate the
	// route behind configuration.
	engine.GET("/swagger/*any", ginSwagger.WrapHandler(swaggerFiles.Handler))

	api := engine.Group("/api/v1")

	// ---------------------------------------------------------------------
	// Public routes: no AuthMiddleware in the chain.
	// ---------------------------------------------------------------------
	authH := authHandlers.NewAuthHandler(authSvc)
	tokenH := authHandlers.NewTokenHandler(authSvc)

	// Credential endpoints.
	// NOTE(review): no rate-limiting or lockout middleware is attached in this
	// file; confirm brute-force protection exists in the handlers or upstream.
	api.POST("/auth/login", authH.Login)
	api.POST("/auth/register", authH.Register)
	api.POST("/auth/refresh", authH.RefreshToken)

	// Token generation.
	// NOTE(review): these endpoints issue tokens without AuthMiddleware. What
	// the handlers require from the caller is not visible here; confirm each
	// one verifies credentials itself, otherwise move it to the protected
	// group below.
	api.POST("/token/generate", tokenH.GenerateToken)
	api.POST("/token/generate-direct", tokenH.GenerateTokenDirect)

	// A public variant of the BPJS participant lookup used to be declared here
	// and is disabled; the lookup is registered only on the protected group.

	// ---------------------------------------------------------------------
	// Protected routes: every request passes through AuthMiddleware first.
	// ---------------------------------------------------------------------
	secured := api.Group("/")
	secured.Use(middleware.AuthMiddleware()) // Keycloak-backed, per the original author

	// Profile of the authenticated caller.
	secured.GET("/auth/me", authH.Me)

	// Retribusi CRUD.
	// NOTE(review): only authentication is enforced at this layer. No role or
	// permission check is attached to the write routes here, so any
	// authenticated caller reaches POST/PUT/DELETE unless the handlers
	// authorize internally. Confirm against the handler code.
	retribusiH := retribusiHandlers.NewRetribusiHandler()
	retribusi := secured.Group("/retribusi")
	retribusi.GET("/", retribusiH.GetRetribusi)          // GET    /api/v1/retribusi/
	retribusi.GET("/:id", retribusiH.GetRetribusiByID)   // GET    /api/v1/retribusi/:id
	retribusi.POST("/", retribusiH.CreateRetribusi)      // POST   /api/v1/retribusi/
	retribusi.PUT("/:id", retribusiH.UpdateRetribusi)    // PUT    /api/v1/retribusi/:id
	retribusi.DELETE("/:id", retribusiH.DeleteRetribusi) // DELETE /api/v1/retribusi/:id

	// BPJS participant lookup (sensitive data).
	// NOTE(review): the :nik value travels in the URL path, and the request
	// path is what gin.Logger() writes to the access log. Consider a log
	// formatter that masks this segment, and check any proxy or gateway logs
	// for the same exposure.
	bpjsH := bpjsPesertaHandlers.NewPesertaHandler(cfg.Bpjs)
	bpjs := secured.Group("/bpjs")
	bpjs.GET("/peserta/nik/:nik/tglsep/:tglSEP", bpjsH.GetPesertaByNIK)

	return engine
}