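defmodule BrightWeb.Router do
  @moduledoc """
  HTTP routing table for the Bright web application.

  Scopes are matched in declaration order, so the guarded scopes (admin-only and
  authenticated-only) are declared before the public scope: a guarded
  `/thing/new` has to win over the public `/thing/:id`.

  `:require_authenticated_user` and `:require_admin_user` are not defined in this
  file; they are presumably function plugs brought in by
  `import BrightWeb.AuthController` (confirm there).
  """

  use BrightWeb, :router

  import BrightWeb.AuthController

  pipeline :browser do
    plug(:accepts, ["html", "json"])
    plug(:fetch_session)
    plug(:fetch_live_flash)
    plug(:put_root_layout, html: {BrightWeb.Layouts, :root})
    plug(:protect_from_forgery)
    plug(:put_secure_browser_headers)
    plug(:fetch_current_user)
  end

  # Copies the `:current_user` session value (a user UUID, judging by the
  # variable name) into `conn.assigns.current_user`, or assigns `nil` and resets
  # the session key when nothing truthy is stored.
  #
  # NOTE(review): the session value is used as-is; nothing here checks that the
  # user still exists or is still allowed in. Confirm that the authentication
  # plugs downstream do that lookup.
  defp fetch_current_user(conn, _opts) do
    if user_uuid = get_session(conn, :current_user) do
      assign(conn, :current_user, user_uuid)
    else
      conn
      |> assign(:current_user, nil)
      |> put_session(:current_user, nil)
    end
  end

  pipeline :api do
    plug(:accepts, ["json"])
  end

  # Admin-only routes.
  #
  # The `BrightWeb` scope alias was missing here. Without it the controller names
  # below resolve to top-level modules (`PlatformController`) rather than the
  # `BrightWeb.*` controllers that the public scope routes to.
  scope "/", BrightWeb do
    pipe_through([:browser, :require_authenticated_user, :require_admin_user])

    ## !!! DANGER, platforms must only be writable by admins,
    ## (unless we implement SVG sanitizing).
    ## Do not move these routes to a less restrictive scope: per the warning
    ## above, platform data is not sanitized, so whoever can write a platform
    ## controls markup that is shown to other users.
    get("/platforms/new", PlatformController, :new)
    post("/platforms", PlatformController, :create)
    get("/platforms/:id/edit", PlatformController, :edit)
    patch("/platforms/:id", PlatformController, :update)
    put("/platforms/:id", PlatformController, :update)
  end

  scope "/auth", BrightWeb do
    pipe_through(:browser)

    get("/:provider", AuthController, :request)
    get("/:provider/callback", AuthController, :callback)
    post("/:provider/callback", AuthController, :callback)
    delete("/logout", AuthController, :delete)
  end

  # Routes that require a logged-in user.
  #
  # `BrightWeb` alias added for the same reason as in the admin scope above.
  scope "/", BrightWeb do
    pipe_through([:browser, :require_authenticated_user])

    get("/streams/new", StreamController, :new)
    post("/streams", StreamController, :create)

    # State-changing actions for vods and vtubers. These used to be generated by
    # unrestricted `resources/2` calls in the public scope, which exposed
    # new/create/edit/update/delete to anonymous visitors at the router level.
    # The public scope now keeps only :index and :show.
    resources("/vods", VodController, except: [:index, :show])
    resources("/vt", VtuberController, except: [:index, :show])

    # get "/vods/new", VodController, :new
    # post "/vods", VodController, :create

    # resources "/vt", VtuberController do
    #   get "/vods/new", VodController, :new
    #   post "/vods", VodController, :create
    #   get "/vtubers/:id/edit", VtuberController, :edit
    # end

    # resources "/vtubers", VtuberController do
    #   get "/vods/new", VodController, :new
    #   post "/vods", VodController, :create
    #   get "/vtubers/:id/edit", VtuberController, :edit
    # end

    get("/tags/new", TagController, :new)
    post("/tags", TagController, :create)
  end

  # Public routes: only the :browser pipeline runs, so nothing here is protected
  # by the router. Keep this scope to read-only actions, plus sign-up and orders.
  scope "/", BrightWeb do
    pipe_through(:browser)

    get("/", PageController, :home)

    get("/profile", UserController, :show, as: :user)

    get("/patrons", PatronController, :index)

    get("/about", PageController, :about)
    get("/api", PageController, :api)

    # A second, identical `post "/join"` route was removed; it could never match.
    get("/join", UserController, :join)
    post("/join", UserController, :join)

    resources("/orders", OrderController, only: [:create, :show])

    get("/streams", StreamController, :index)
    get("/streams/:id", StreamController, :show)

    # Read-only. The explicit `get "/vods"` and `get "/vods/:id"` routes that
    # followed the old unrestricted `resources` call duplicated these two.
    resources("/vods", VodController, only: [:index, :show])

    get("/tags", TagController, :index)
    # Was "/tags:id" (missing slash), which does not match "/tags/<id>".
    get("/tags/:id", TagController, :show)

    get("/platforms", PlatformController, :index)
    get("/platforms/:id", PlatformController, :show)

    get("/vtubers", VtuberController, :index)
    get("/vtubers/:id", VtuberController, :show)

    resources "/vt", VtuberController, only: [:index, :show] do
      get("/vods", VodController, :index)
      get("/vods/:id", VodController, :show)
    end
  end

  # Other scopes may use custom stacks.
  #
  # NOTE(review): the :api pipeline only negotiates the content type, and
  # `resources "/urls"` generates create/update/delete as well as the read
  # actions. No authentication is applied at the router level; confirm that
  # UrlController enforces it, or add an authenticating plug to this pipeline.
  scope "/api", BrightWeb do
    pipe_through(:api)

    resources("/urls", UrlController, except: [:new, :edit])
    get("/health", PageController, :health)
  end

  # Enable LiveDashboard and Swoosh mailbox preview in development
  if Application.compile_env(:bright, :dev_routes) do
    # If you want to use the LiveDashboard in production, you should put
    # it behind authentication and allow only admins to access it.
    # If your application does not have an admins-only section yet,
    # you can use Plug.BasicAuth to set up some basic authentication
    # as long as you are also using SSL (which you should anyway).
    import Phoenix.LiveDashboard.Router

    scope "/dev" do
      pipe_through(:browser)

      live_dashboard("/dashboard", metrics: BrightWeb.Telemetry)
      forward("/mailbox", Plug.Swoosh.MailboxPreview)
    end
  end

  ## Authentication routes

  # This scope currently declares no routes.
  scope "/", BrightWeb do
    pipe_through([:browser])
  end

  ## Authentication routes

  # scope "/", BrightWeb do
  #   pipe_through [:browser, :redirect_if_user_is_authenticated]

  #   live_session :redirect_if_user_is_authenticated,
  #     on_mount: [{BrightWeb.UserAuth, :redirect_if_user_is_authenticated}] do
  #     live "/users/register", UserRegistrationLive, :new
  #     live "/users/log_in", UserLoginLive, :new
  #     live "/users/reset_password", UserForgotPasswordLive, :new
  #     live "/users/reset_password/:token", UserResetPasswordLive, :edit
  #   end

  #   post "/users/log_in", UserSessionController, :create
  # end

  # scope "/", BrightWeb do
  #   pipe_through [:browser, :require_authenticated_user]

  #   live_session :require_authenticated_user,
  #     on_mount: [{BrightWeb.UserAuth, :ensure_authenticated}] do
  #     live "/users/settings", UserSettingsLive, :edit
  #     live "/users/settings/confirm_email/:token", UserSettingsLive, :confirm_email
  #   end
  # end

  # scope "/", BrightWeb do
  #   pipe_through [:browser]

  #   delete "/users/log_out", UserSessionController, :delete

  #   live_session :current_user,
  #     on_mount: [{BrightWeb.UserAuth, :mount_current_user}] do
  #     live "/users/confirm/:token", UserConfirmationLive, :edit
  #     live "/users/confirm", UserConfirmationInstructionsLive, :new
  #   end
  # end
end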