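defmodule BrightWeb.Router do
  @moduledoc """
  Route table for the Bright web application.

  Scopes are declared in this order, and the order is security-relevant
  because the first matching route wins:

    1. `/auth` - login LiveView, logout and OAuth provider callbacks.
    2. `/` piped through `:require_admin_user` - every write route, plus the
       Oban dashboard.
    3. `/` piped through `:browser` only - public read routes.
    4. `/feeds`, `/api`, optional `/dev` tooling, and the authenticated
       profile LiveView.
  """

  use BrightWeb, :router

  import Oban.Web.Router

  # NOTE: this alias rebinds the bare name `Plug` to `BrightWeb.Plug` for the
  # rest of the module. Any third-party `Plug.*` module referenced below has
  # to be written with the `Elixir.` prefix so that it is not rewritten.
  alias BrightWeb.Plug
  alias Bright.Repo

  import BrightWeb.AuthController,
    only: [
      fetch_current_user: 2,
      require_admin_user: 2
    ]

  # Browser stack: session, current-user lookup, CSRF protection and the
  # default secure headers.
  pipeline :browser do
    plug :accepts, ["html", "json", "txt"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :fetch_current_user
    plug :put_root_layout, html: {BrightWeb.Layouts, :root}
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  # JSON stack: content negotiation only. It fetches no session and runs no
  # authentication plug.
  pipeline :api do
    plug(:accepts, ["json"])
  end

  scope "/auth", BrightWeb do
    pipe_through :browser

    live_session :auth_login, on_mount: {BrightWeb.AuthController, :current_user} do
      live "/login", SignInLive, :index
    end

    # NOTE(review): logout changes session state but is served over GET, and
    # CSRF protection only checks non-GET/HEAD/OPTIONS requests. Moving it to
    # DELETE or POST would bring it under :protect_from_forgery; it is left as
    # GET here because links elsewhere in the project may depend on it.
    get "/logout", AuthController, :delete
    get "/:provider", AuthController, :request
    get "/:provider/callback", AuthController, :callback

    # NOTE(review): this POST passes through :protect_from_forgery, so a
    # provider that posts back without a Phoenix CSRF token is rejected.
    # Confirm whether any configured provider uses a POST callback.
    post "/:provider/callback", AuthController, :callback
  end

  ## protected routes
  ## this section needs to be above the unprotected routes,
  ## so routes like "/streams/new" take precedence.
  scope "/", BrightWeb do
    pipe_through [:browser, :require_admin_user]

    get "/streams/new", StreamController, :new
    post "/streams", StreamController, :create
    get "/streams/:id/edit", StreamController, :edit
    put "/streams/:id", StreamController, :update

    get "/vods/new", VodController, :new
    post "/vods", VodController, :create
    delete "/vods/:id", VodController, :delete
    get "/vods/:id/edit", VodController, :edit

    # NOTE(review): `resources` without `only:` also generates :index and
    # :show. Because this scope is matched first, GET /vt, /vt/:id, /vtubers
    # and /vtubers/:id resolve to the admin-only pipeline and the public
    # declarations of those paths further down are never reached. That fails
    # closed; confirm it is intended before narrowing these with `only:`.
    resources "/vt", VtuberController do
      get "/vods/new", VodController, :new
      post "/vods", VodController, :create
      get "/vtubers/:id/edit", VtuberController, :edit
    end

    resources "/vtubers", VtuberController do
      get "/new", VtuberController, :new
      post "/", VtuberController, :create
      get "/vods/new", VodController, :new
      post "/vods", VodController, :create
      get "/vtubers/:id/edit", VtuberController, :edit
    end

    get "/tags/new", TagController, :new
    post "/tags", TagController, :create

    resources "/torrents", TorrentController, only: [:create, :new, :edit, :update]

    ## !!! DANGER, platforms must only be writable by admins, (unless we implement SVG sanitizing)
    ## @todo remove SVGs from the database and instead put them in assets
    # The SVG is stored unsanitised, and SVG markup can carry script, so write
    # access to a platform presumably amounts to placing active content on
    # pages that render it. Keep every platform write route in this scope.
    get "/platforms/new", PlatformController, :new
    post "/platforms", PlatformController, :create
    get "/platforms/:id/edit", PlatformController, :edit
    patch "/platforms/:id", PlatformController, :update
    delete "/platforms/:id", PlatformController, :delete
    put "/platforms/:id", PlatformController, :update

    # NOTE(review): the dashboard is a LiveView. :require_admin_user guards
    # the HTTP request; Phoenix guidance is to enforce the same check at
    # LiveView mount as well (an `on_mount` hook). No admin on_mount hook is
    # visible in this file, so none is wired in here.
    oban_dashboard "/oban"
  end

  # Public, read-only routes.
  scope "/", BrightWeb do
    pipe_through :browser

    get "/", PageController, :home
    get "/patrons", PatronController, :index
    get "/about", PageController, :about
    get "/goals", PageController, :about
    get "/api", PageController, :api

    # The original declared `post "/join"` twice; the second clause could
    # never match, so only one is kept.
    get "/join", AuthController, :new
    post "/join", AuthController, :new

    resources "/torrents", TorrentController, only: [:index, :show]

    get "/streams", StreamController, :index
    get "/streams/:id", StreamController, :show

    get "/vods/:id", VodController, :show
    get "/vods", VodController, :index

    get "/tags", TagController, :index
    get "/tags/:id", TagController, :show

    get "/platforms", PlatformController, :index
    get "/platforms/:id", PlatformController, :show

    get "/vtubers", VtuberController, :index
    get "/vtubers/:id", VtuberController, :show

    # Restricted to read actions, matching the torrents declaration above.
    # Without `only:` this public scope would also declare create/update/
    # delete for VtuberController, kept unreachable only by the admin scope
    # being listed first. Requests route exactly as before.
    resources "/vt", VtuberController, only: [:index, :show] do
      get "/vods", VodController, :index
      get "/vods/:id", VodController, :show
    end
  end

  # The feed is served without any pipeline (no session, no CSRF, no headers).
  scope "/feeds", BrightWeb do
    get "/vods.xml", RssController, :vods
  end

  # Other scopes may use custom stacks.
  scope "/api", BrightWeb do
    pipe_through(:api)

    # NOTE(review): this exposes create/update/delete for UrlController behind
    # a pipeline with no authentication plug. Unless UrlController authorises
    # callers itself (not visible from this file), these writes are open to
    # any client. Verify, or add an authenticating plug to this scope.
    resources("/urls", UrlController, except: [:new, :edit])
    get("/health", PageController, :health)
  end

  # Enable LiveDashboard and Swoosh mailbox preview in development
  if Application.compile_env(:bright, :dev_routes) do
    # If you want to use the LiveDashboard in production, you should put
    # it behind authentication and allow only admins to access it.
    # If your application does not have an admins-only section yet,
    # you can use Plug.BasicAuth to set up some basic authentication
    # as long as you are also using SSL (which you should anyway).
    import Phoenix.LiveDashboard.Router

    scope "/dev" do
      pipe_through(:browser)

      live_dashboard("/dashboard", metrics: BrightWeb.Telemetry)

      # `Elixir.` prefix is required: with `alias BrightWeb.Plug` in effect,
      # a bare `Plug.Swoosh.MailboxPreview` would be rewritten to
      # `BrightWeb.Plug.Swoosh.MailboxPreview`.
      forward("/mailbox", Elixir.Plug.Swoosh.MailboxPreview)
    end
  end

  ## Authentication routes
  scope "/", BrightWeb do
    pipe_through [:browser]

    # Access control for this session is enforced by the on_mount hook rather
    # than by a plug in the pipeline.
    live_session :authenticated,
      on_mount: [{BrightWeb.AuthController, :ensure_authenticated}] do
      live "/profile", ProfileLive
    end
  end
end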