<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Http\Requests\Auth\LoginRequest;
use App\Mail\TwoFactorPinMail;
use App\Services\SiteSettingsService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Mail;
use Illuminate\View\View;

class AuthenticatedSessionController extends Controller
{
    public function create(): View
    {
        return view('auth.login');
    }

    public function store(LoginRequest $request): RedirectResponse
    {
        $request->authenticate();

        // Si SMTP configuré → 2FA par code PIN
        if (SiteSettingsService::smtpConfigured()) {
            $user     = Auth::user();
            $intended = $request->session()->pull('url.intended', route('dashboard'));

            $pin = str_pad(random_int(0, 999999), 6, '0', STR_PAD_LEFT);

            // Déconnecter et stocker les données 2FA dans la session
            Auth::logout();
            $request->session()->regenerate();
            $request->session()->put([
                '2fa.user_id'    => $user->id,
                '2fa.pin_hash'   => Hash::make($pin),
                '2fa.expires_at' => now()->addMinutes(10)->timestamp,
                '2fa.intended'   => $intended,
            ]);

            try {
                Mail::to($user->email)->send(new TwoFactorPinMail($pin, $user->name));
            } catch (\Exception $e) {
                // Si l'envoi échoue, on logue l'erreur et on laisse passer sans 2FA
                Log::error('2FA: envoi du PIN impossible.', ['error' => $e->getMessage()]);
                $request->session()->forget('2fa');
                Auth::login($user);
                $request->session()->regenerate();
                return redirect($intended);
            }

            return redirect()->route('2fa.challenge');
        }

        $request->session()->regenerate();

        return redirect()->intended(route('dashboard', absolute: false));
    }

    public function destroy(Request $request): RedirectResponse
    {
        Auth::guard('web')->logout();

        $request->session()->invalidate();
        $request->session()->regenerateToken();

        return redirect('/');
    }
}