using System.Net;
using System.Net.Http.Headers;
using System.Net.Http.Json;
using Xunit;

namespace TeamUp.IntegrationTests;

/// <summary>
/// M1 board acceptance at the API level: an owner sets up the org + a team, creates a task, moves
/// it across columns, assigns it, and sees it on the board and in the cartable. An invited Member
/// can view the board but cannot create a team (owner-only).
/// </summary>
public sealed class BoardFlowTests(PostgresFixture postgres) : IClassFixture<PostgresFixture>
{
    private sealed record BootstrapResponse(string Token, Guid MemberId, Guid OrganizationId);

    private sealed record AuthResponse(string Token, Guid MemberId);

    private sealed record InviteResponse(Guid InvitationId, string Token);

    private sealed record OrganizationResponse(Guid Id, string Name);

    private sealed record TeamResponse(Guid Id, Guid OrganizationId, string Name);

    private sealed record TaskResponse(
        Guid Id, Guid TeamId, string Title, string? Description, string Type,
        string Status, string AssigneeKind, Guid? AssigneeId, Guid? ParentId);

    private sealed record BoardColumn(string Status, List<TaskResponse> Items);

    private sealed record BoardResponse(Guid TeamId, List<BoardColumn> Columns);

    [Fact]
    public async Task Owner_builds_board_and_member_is_scoped()
    {
        await using var factory = new TeamUpWebFactory(postgres.ConnectionString);
        using var anon = factory.CreateClient();

        var owner = await Bootstrap(anon);
        using var ownerClient = Authed(factory, owner.Token);

        // Set the organization name (idempotent upsert on the bootstrapped org scope).
        var org = await PostOk<OrganizationResponse>(ownerClient, "/api/orgboard/organizations",
            new { organizationId = owner.OrganizationId, name = "AliaSaaS" });
        Assert.Equal(owner.OrganizationId, org.Id);

        // Create a team and list it.
        var team = await PostOk<TeamResponse>(ownerClient, "/api/orgboard/teams",
            new { organizationId = owner.OrganizationId, name = "IPNOPS" });
        var teams = await ownerClient.GetFromJsonAsync<List<TeamResponse>>(
            $"/api/orgboard/teams?organizationId={owner.OrganizationId}");
        Assert.Contains(teams!, t => t.Id == team.Id);

        // Create a task → it lands in Backlog, unassigned.
        var task = await PostOk<TaskResponse>(ownerClient, "/api/orgboard/tasks",
            new { teamId = team.Id, title = "Build the login screen", description = "M1", type = "Story" });
        Assert.Equal("Backlog", task.Status);
        Assert.Equal("Unassigned", task.AssigneeKind);

        // Move it to In Progress and assign it to the owner.
        var moved = await PatchOk<TaskResponse>(ownerClient, $"/api/orgboard/tasks/{task.Id}/move",
            new { status = "InProgress" });
        Assert.Equal("InProgress", moved.Status);

        var assigned = await PatchOk<TaskResponse>(ownerClient, $"/api/orgboard/tasks/{task.Id}/assign",
            new { memberId = owner.MemberId });
        Assert.Equal("Member", assigned.AssigneeKind);
        Assert.Equal(owner.MemberId, assigned.AssigneeId);

        // The board shows it under In Progress.
        var board = await ownerClient.GetFromJsonAsync<BoardResponse>($"/api/orgboard/board?teamId={team.Id}");
        var inProgress = board!.Columns.Single(c => c.Status == "InProgress");
        Assert.Contains(inProgress.Items, i => i.Id == task.Id);

        // The owner's cartable shows the assigned task.
        var cartable = await ownerClient.GetFromJsonAsync<List<TaskResponse>>("/api/orgboard/cartable");
        Assert.Contains(cartable!, i => i.Id == task.Id);

        // Invite a Member at the org scope and accept.
        var invite = await PostOk<InviteResponse>(ownerClient, "/api/identity/invitations", new
        {
            email = "dev@alia.test",
            scopeType = "Organization",
            scopeId = owner.OrganizationId,
            role = "Member",
            organizationId = owner.OrganizationId,
        });
        var member = await PostOk<AuthResponse>(anon, "/api/identity/invitations/accept",
            new { token = invite.Token, displayName = "Dev", password = "Passw0rd!" });

        using var memberClient = Authed(factory, member.Token);

        // The member can view the board…
        var memberBoard = await memberClient.GetAsync($"/api/orgboard/board?teamId={team.Id}");
        Assert.Equal(HttpStatusCode.OK, memberBoard.StatusCode);

        // …but cannot create a team (owner-only).
        var memberTeam = await memberClient.PostAsJsonAsync("/api/orgboard/teams",
            new { organizationId = owner.OrganizationId, name = "Nope" });
        Assert.Equal(HttpStatusCode.Forbidden, memberTeam.StatusCode);
    }

    private static async Task<BootstrapResponse> Bootstrap(HttpClient client)
    {
        var response = await PostOk<BootstrapResponse>(client, "/api/identity/bootstrap", new
        {
            organizationName = "AliaSaaS",
            ownerEmail = "owner@alia.test",
            ownerDisplayName = "Owner",
            ownerPassword = "Passw0rd!",
        });
        return response;
    }

    private static HttpClient Authed(TeamUpWebFactory factory, string token)
    {
        var client = factory.CreateClient();
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return client;
    }

    private static async Task<T> PostOk<T>(HttpClient client, string url, object body)
    {
        var response = await client.PostAsJsonAsync(url, body);
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        var value = await response.Content.ReadFromJsonAsync<T>();
        Assert.NotNull(value);
        return value!;
    }

    private static async Task<T> PatchOk<T>(HttpClient client, string url, object body)
    {
        var response = await client.PatchAsJsonAsync(url, body);
        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
        var value = await response.Content.ReadFromJsonAsync<T>();
        Assert.NotNull(value);
        return value!;
    }
}