using System.Security.Claims;
using System.Text.Json;
using Akka.Actor;
using Microsoft.AspNetCore.Components.Authorization;
using Microsoft.Extensions.Logging;
using ZB.MOM.WW.ScadaBridge.Commons.Messages.Management;
using ZB.MOM.WW.ScadaBridge.ManagementService;
using ZB.MOM.WW.ScadaBridge.Security;

namespace ZB.MOM.WW.ScadaBridge.CentralUI.Services;

/// <summary>
/// Default <see cref="ISecuredWriteService"/> implementation — a thin facade that
/// dispatches the secured-write management commands to the central
/// <c>ManagementActor</c> through the in-process <see cref="ManagementActorHolder"/>
/// (the same Ask seam the HTTP <c>/management</c> endpoint uses). The actor authorizes
/// the command against the supplied <see cref="AuthenticatedUser"/>, enforces
/// separation-of-duties, runs the MxGateway device relay on approve, and writes the
/// audit row — none of that is re-implemented here.
/// </summary>
/// <remarks>
/// The current Blazor principal is projected to an <see cref="AuthenticatedUser"/> so
/// the server's role gate and no-self-approval guard run against the real identity.
/// The three management response shapes plus any transport fault collapse into a typed
/// <see cref="SecuredWriteActionResult"/> (or an empty list for queries) so the page can
/// render inline outcomes without try/catch noise.
/// </remarks>
public sealed class SecuredWriteService : ISecuredWriteService
{
    /// <summary>
    /// camelCase + ignore-cycles, matching <c>ManagementActor.SerializeResult</c>'s
    /// options. <see cref="ManagementSuccess.JsonData"/> is produced with those settings,
    /// so the deserializer must mirror them to bind every property.
    /// </summary>
    private static readonly JsonSerializerOptions ResultDeserializerOptions = new()
    {
        PropertyNameCaseInsensitive = true,
        PropertyNamingPolicy = JsonNamingPolicy.CamelCase
    };

    private static readonly TimeSpan AskTimeout = TimeSpan.FromSeconds(30);

    private readonly ManagementActorHolder _holder;
    private readonly AuthenticationStateProvider _auth;
    private readonly ILogger<SecuredWriteService> _logger;

    /// <summary>
    /// Initializes a new instance of the <see cref="SecuredWriteService"/>.
    /// </summary>
    /// <param name="holder">Holder for the central <c>ManagementActor</c> reference.</param>
    /// <param name="auth">Authentication state provider used to project the current principal.</param>
    /// <param name="logger">Logger instance.</param>
    public SecuredWriteService(
        ManagementActorHolder holder,
        AuthenticationStateProvider auth,
        ILogger<SecuredWriteService> logger)
    {
        _holder = holder ?? throw new ArgumentNullException(nameof(holder));
        _auth = auth ?? throw new ArgumentNullException(nameof(auth));
        _logger = logger ?? throw new ArgumentNullException(nameof(logger));
    }

    /// <inheritdoc/>
    public Task<SecuredWriteActionResult> SubmitAsync(
        string siteId, string connectionName, string tagPath, string valueJson,
        string valueType, string? comment, CancellationToken cancellationToken = default)
        => DispatchAsync(
            new SubmitSecuredWriteCommand(siteId, connectionName, tagPath, valueJson, valueType, comment),
            cancellationToken);

    /// <inheritdoc/>
    public Task<SecuredWriteActionResult> ApproveAsync(
        long id, string? comment, CancellationToken cancellationToken = default)
        => DispatchAsync(new ApproveSecuredWriteCommand(id, comment), cancellationToken);

    /// <inheritdoc/>
    public Task<SecuredWriteActionResult> RejectAsync(
        long id, string? comment, CancellationToken cancellationToken = default)
        => DispatchAsync(new RejectSecuredWriteCommand(id, comment), cancellationToken);

    /// <inheritdoc/>
    public async Task<IReadOnlyList<SecuredWriteDto>> ListAsync(
        string? status, string? siteId, CancellationToken cancellationToken = default)
    {
        var response = await SendAsync(new ListSecuredWritesCommand(status, siteId), cancellationToken);
        if (response is ManagementSuccess success)
        {
            var result = JsonSerializer.Deserialize<SecuredWriteListResult>(
                success.JsonData, ResultDeserializerOptions);
            return result?.Items ?? Array.Empty<SecuredWriteDto>();
        }

        // Read path: log + return empty so the queue/history tables render gracefully.
        _logger.LogWarning(
            "ListSecuredWrites failed: {Response}", DescribeFailure(response));
        return Array.Empty<SecuredWriteDto>();
    }

    /// <summary>
    /// Dispatches a single mutating command and maps the response (or any fault) to a
    /// typed <see cref="SecuredWriteActionResult"/>.
    /// </summary>
    private async Task<SecuredWriteActionResult> DispatchAsync(
        object command, CancellationToken cancellationToken)
    {
        var response = await SendAsync(command, cancellationToken);
        switch (response)
        {
            case ManagementSuccess success:
                var dto = JsonSerializer.Deserialize<SecuredWriteDto>(
                    success.JsonData, ResultDeserializerOptions);
                return dto is null
                    ? SecuredWriteActionResult.Fail("The server returned an unreadable result.")
                    : SecuredWriteActionResult.Ok(dto);
            case ManagementUnauthorized unauthorized:
                return SecuredWriteActionResult.Fail(unauthorized.Message);
            case ManagementError error:
                return SecuredWriteActionResult.Fail(error.Error);
            default:
                return SecuredWriteActionResult.Fail(DescribeFailure(response));
        }
    }

    /// <summary>
    /// Wraps <paramref name="command"/> in a <see cref="ManagementEnvelope"/> for the
    /// current principal and Asks the <c>ManagementActor</c>. Transport faults (timeout,
    /// actor not yet started, cancellation→propagated) become a synthetic
    /// <see cref="ManagementError"/> so callers handle one response shape.
    /// </summary>
    private async Task<object> SendAsync(object command, CancellationToken cancellationToken)
    {
        var actor = _holder.ActorRef;
        if (actor is null)
        {
            return new ManagementError(
                string.Empty, "Management service is not ready.", "SERVICE_UNAVAILABLE");
        }

        var user = await BuildAuthenticatedUserAsync();
        var envelope = new ManagementEnvelope(user, command, Guid.NewGuid().ToString("N"));

        try
        {
            return await actor.Ask<object>(envelope, AskTimeout, cancellationToken);
        }
        catch (OperationCanceledException)
        {
            // Caller-initiated cancel (e.g. circuit teardown) — propagate cleanly.
            throw;
        }
        catch (Exception ex)
        {
            _logger.LogError(ex, "ManagementActor Ask failed for {Command}", command.GetType().Name);
            return new ManagementError(string.Empty, ex.Message, "TRANSPORT_ERROR");
        }
    }

    /// <summary>
    /// Projects the current Blazor <see cref="ClaimsPrincipal"/> to the
    /// <see cref="AuthenticatedUser"/> the actor authorizes against — username,
    /// display name, role claims, and the permitted-site scope claims (mirrors the
    /// claim set the HTTP endpoint constructs).
    /// </summary>
    private async Task<AuthenticatedUser> BuildAuthenticatedUserAsync()
    {
        var state = await _auth.GetAuthenticationStateAsync();
        var principal = state.User;

        var username = principal.FindFirst(JwtTokenService.UsernameClaimType)?.Value ?? "unknown";
        var displayName = principal.FindFirst(JwtTokenService.DisplayNameClaimType)?.Value ?? username;
        var roles = principal.FindAll(JwtTokenService.RoleClaimType).Select(c => c.Value).ToArray();
        var permittedSiteIds = principal.FindAll(JwtTokenService.SiteIdClaimType).Select(c => c.Value).ToArray();

        return new AuthenticatedUser(username, displayName, roles, permittedSiteIds);
    }

    /// <summary>Renders a fallback description for an unexpected/failure response.</summary>
    private static string DescribeFailure(object response) => response switch
    {
        ManagementUnauthorized unauthorized => unauthorized.Message,
        ManagementError error => error.Error,
        _ => "Unexpected response from the management service."
    };
}