package api

import (
	"errors"
	"net/http"

	"github.com/alexei/tinyforge/internal/store"
	"github.com/go-chi/chi/v5"
)

// listWorkloads handles GET /api/workloads. Optional ?kind=project|stack|site
// filter narrows the result. The shape mirrors the projects/stacks/sites
// listing endpoints — clients use this to render the global Workloads view.
func (s *Server) listWorkloads(w http.ResponseWriter, r *http.Request) {
	kind := store.WorkloadKind(r.URL.Query().Get("kind"))
	out, err := s.store.ListWorkloads(kind)
	if err != nil {
		respondError(w, http.StatusInternalServerError, "list workloads")
		return
	}
	respondJSON(w, http.StatusOK, out)
}

// getWorkload handles GET /api/workloads/{id}.
func (s *Server) getWorkload(w http.ResponseWriter, r *http.Request) {
	id := chi.URLParam(r, "id")
	wl, err := s.store.GetWorkloadByID(id)
	if err != nil {
		if errors.Is(err, store.ErrNotFound) {
			respondNotFound(w, "workload")
			return
		}
		respondError(w, http.StatusInternalServerError, "get workload")
		return
	}
	respondJSON(w, http.StatusOK, wl)
}

// streamWorkloadContainerLogs handles GET /api/workloads/{id}/containers/{cid}/logs.
// Reuses the shared SSE/JSON log streamer; ownership is verified by joining
// through workload_id on the container row so an attacker can't stream
// logs from a foreign container by guessing IDs under the wrong workload URL.
func (s *Server) streamWorkloadContainerLogs(w http.ResponseWriter, r *http.Request) {
	workloadID := chi.URLParam(r, "id")
	containerRowID := chi.URLParam(r, "cid")

	c, err := s.store.GetContainerByID(containerRowID)
	if err != nil {
		if errors.Is(err, store.ErrNotFound) {
			respondNotFound(w, "container")
			return
		}
		respondError(w, http.StatusInternalServerError, "internal server error")
		return
	}
	if c.WorkloadID != workloadID {
		// Returning 404 (not 403) so the existence of a container under
		// another workload is not confirmed.
		respondNotFound(w, "container")
		return
	}
	if c.ContainerID == "" {
		respondError(w, http.StatusBadRequest, "container row has no docker container bound")
		return
	}
	s.streamLogsForContainer(w, r, c.ContainerID)
}

// listWorkloadContainers handles GET /api/workloads/{id}/containers.
// Returns every Container row owned by this workload, newest first. The
// frontend's <WorkloadContainers> component uses this on every kind-specific
// detail page (project, stack, site) so the table shape is uniform.
func (s *Server) listWorkloadContainers(w http.ResponseWriter, r *http.Request) {
	id := chi.URLParam(r, "id")
	out, err := s.store.ListContainersByWorkload(id)
	if err != nil {
		respondError(w, http.StatusInternalServerError, "list workload containers")
		return
	}
	respondJSON(w, http.StatusOK, out)
}

// updateWorkloadAppID handles PATCH /api/workloads/{id}/app. Body: {"app_id": "..."}.
// Empty string clears the app assignment. Used by the (optional) Apps UI.
func (s *Server) updateWorkloadAppID(w http.ResponseWriter, r *http.Request) {
	id := chi.URLParam(r, "id")

	var req struct {
		AppID string `json:"app_id"`
	}
	if !decodeJSON(w, r, &req) {
		return
	}

	wl, err := s.store.GetWorkloadByID(id)
	if err != nil {
		if errors.Is(err, store.ErrNotFound) {
			respondNotFound(w, "workload")
			return
		}
		respondError(w, http.StatusInternalServerError, "get workload")
		return
	}
	wl.AppID = req.AppID
	if err := s.store.UpdateWorkload(wl); err != nil {
		respondError(w, http.StatusInternalServerError, "update workload")
		return
	}
	respondJSON(w, http.StatusOK, wl)
}