<?php

use Illuminate\Support\Facades\Route;
use App\Http\Controllers\AuthController;
use App\Http\Controllers\RideController;
use App\Http\Controllers\TrackingController;
use App\Http\Controllers\ProfileController;
use App\Http\Controllers\WalletController;
use App\Http\Controllers\RatingController;
use App\Http\Controllers\PromoController;
use App\Http\Controllers\OtpController;
use App\Http\Controllers\UploadController;
use App\Http\Controllers\PlaceController;
use App\Http\Controllers\NotificationController;

/*
|--------------------------------------------------------------------------
| Intaleq V2 API Routes
|--------------------------------------------------------------------------
|
| All routes are prefixed with /v2 and use JSON responses.
| Public routes: auth endpoints only.
| Protected routes: require JWT + HMAC middleware.
|
*/

// ══════════════════════════════════════════════
// PUBLIC — Authentication (no middleware)
// ══════════════════════════════════════════════
Route::prefix('v2/auth')->group(function () {
    // Passenger
    Route::post('/passenger/login', [AuthController::class, 'passengerLogin']);
    Route::post('/passenger/register', [AuthController::class, 'passengerRegister']);
    Route::post('/passenger/wallet-login', [AuthController::class, 'passengerWalletLogin']);

    // Driver
    Route::post('/driver/login', [AuthController::class, 'driverLogin']);
    Route::post('/driver/register', [AuthController::class, 'driverRegister']);
    Route::post('/driver/wallet-login', [AuthController::class, 'driverWalletLogin']);

    // Admin & Service
    Route::post('/admin/login', [AuthController::class, 'adminLogin']);
});

// OTP (public, but rate-limited)
Route::prefix('v2/otp')->middleware('throttle:10,1')->group(function () {
    Route::post('/send', [OtpController::class, 'send']);
    Route::post('/verify', [OtpController::class, 'verify']);
    Route::post('/email/send', [OtpController::class, 'sendEmail']);
    Route::post('/email/verify', [OtpController::class, 'verifyEmail']);
    Route::get('/check-phone', [OtpController::class, 'checkPhone']);
});

// ══════════════════════════════════════════════
// PROTECTED — Require JWT + HMAC
// ══════════════════════════════════════════════
Route::prefix('v2')->middleware(['hmac.auth', 'jwt.auth'])->group(function () {

    // ── Rides ──
    Route::post('/rides', [RideController::class, 'store']);
    Route::get('/rides', [RideController::class, 'index']);
    Route::get('/rides/active', [RideController::class, 'active']);
    Route::get('/rides/{id}', [RideController::class, 'show']);
    Route::post('/rides/{id}/accept', [RideController::class, 'accept']);
    Route::post('/rides/{id}/arrive', [RideController::class, 'arrive']);
    Route::post('/rides/{id}/start', [RideController::class, 'start']);
    Route::post('/rides/{id}/finish', [RideController::class, 'finish']);
    Route::post('/rides/{id}/cancel/passenger', [RideController::class, 'cancelByPassenger']);
    Route::post('/rides/{id}/cancel/driver', [RideController::class, 'cancelByDriver']);
    Route::post('/rides/{id}/retry', [RideController::class, 'retrySearch']);
    Route::put('/rides/{id}', [RideController::class, 'update']);

    // ── Tracking ──
    Route::get('/tracking/driver/{rideId}', [TrackingController::class, 'driverLocation']);
    Route::get('/tracking/heatmap', [TrackingController::class, 'heatmap']);
    Route::get('/tracking/captain-stats', [TrackingController::class, 'captainStats']);

    // ── Profile ──
    Route::get('/profile/passenger', [ProfileController::class, 'passenger']);
    Route::get('/profile/driver', [ProfileController::class, 'driver']);
    Route::put('/profile/passenger', [ProfileController::class, 'updatePassenger']);
    Route::put('/profile/driver/email', [ProfileController::class, 'updateDriverEmail']);

    // ── Wallet ──
    Route::get('/wallet/passenger', [WalletController::class, 'index']);
    Route::get('/wallet/passenger/balance', [WalletController::class, 'balance']);
    Route::post('/wallet/passenger', [WalletController::class, 'addFunds']);
    Route::put('/wallet/passenger', [WalletController::class, 'update']);
    Route::get('/wallet/passenger/transactions', [WalletController::class, 'transactions']);
    Route::post('/wallet/passenger/token', [WalletController::class, 'addToken']);

    // ── Ratings ──
    Route::post('/ratings/driver', [RatingController::class, 'rateDriver']);
    Route::post('/ratings/passenger', [RatingController::class, 'ratePassenger']);
    Route::post('/ratings/app', [RatingController::class, 'rateApp']);
    Route::get('/ratings/driver/{id}', [RatingController::class, 'driverRating']);
    Route::get('/ratings/passenger/{id}', [RatingController::class, 'passengerRating']);

    // ── Promos ──
    Route::get('/promos', [PromoController::class, 'index']);
    Route::get('/promos/check', [PromoController::class, 'check']);
    Route::post('/promos', [PromoController::class, 'store']);
    Route::put('/promos/{id}', [PromoController::class, 'update']);
    Route::delete('/promos/{id}', [PromoController::class, 'destroy']);

    // ── Uploads ──
    Route::post('/uploads/card-image', [UploadController::class, 'cardImage']);
    Route::post('/uploads/profile-image', [UploadController::class, 'profileImage']);
    Route::post('/uploads/document', [UploadController::class, 'document']);
    Route::post('/uploads/id-front', [UploadController::class, 'idFront']);
    Route::post('/uploads/id-back', [UploadController::class, 'idBack']);
    Route::post('/uploads/audio', [UploadController::class, 'audio']);

    // ── Places ──
    Route::get('/places/search', [PlaceController::class, 'search']);
    Route::post('/places', [PlaceController::class, 'store']);

    // ── Notifications ──
    Route::get('/notifications', [NotificationController::class, 'index']);
    Route::put('/notifications/{id}/read', [NotificationController::class, 'markRead']);
});

// ══════════════════════════════════════════════
// PUBLIC Tracking (special — uses hash auth like V1)
// ══════════════════════════════════════════════
Route::get('v2/tracking/public/{rideId}', [TrackingController::class, 'publicTrack']);

// ══════════════════════════════════════════════
// ADMIN ROUTES (require admin JWT)
// ══════════════════════════════════════════════
Route::prefix('v2/admin')->middleware(['hmac.auth', 'jwt.auth', 'admin'])->group(function () {
    // Driver management
    Route::get('/drivers', [Admin\DriverManagementController::class, 'index']);
    Route::get('/drivers/search', [Admin\DriverManagementController::class, 'search']);
    Route::post('/drivers/{id}/activate', [Admin\DriverManagementController::class, 'activate']);
    Route::post('/drivers/{id}/deactivate', [Admin\DriverManagementController::class, 'deactivate']);
    Route::post('/drivers/{id}/add-car', [Admin\DriverManagementController::class, 'addCar']);
    Route::post('/drivers/{id}/notes', [Admin\DriverManagementController::class, 'addNote']);

    // Passenger management
    Route::get('/passengers', [Admin\PassengerManagementController::class, 'index']);
    Route::get('/passengers/search', [Admin\PassengerManagementController::class, 'search']);

    // Ride management
    Route::get('/rides', [Admin\RideManagementController::class, 'index']);
    Route::get('/rides/{id}', [Admin\RideManagementController::class, 'show']);

    // Stats
    Route::get('/stats/overview', [Admin\StatsController::class, 'overview']);
    Route::get('/stats/rides', [Admin\StatsController::class, 'rides']);
    Route::get('/stats/drivers-monthly', [Admin\StatsController::class, 'driversMonthly']);
    Route::get('/stats/employees', [Admin\StatsController::class, 'employees']);
});