<?php

/**
 * ============================================================
 *
 * @project   biiproject
 *
 * @author    Andika Debi Putra
 *
 * @email     andikadebiputra@gmail.com
 *
 * @website   https://biiproject.com
 *
 * @copyright Copyright (c) 2026 Andika Debi Putra
 * @license   Proprietary - All Rights Reserved
 *
 * @version   1.0.0
 *
 * @created   2026-05-01
 * ============================================================
 *
 * Unauthorized copying, modification, distribution, or use
 * of this file is strictly prohibited without prior written
 * permission from the author.
 * ============================================================
 */

use App\Http\Controllers\AccessControl\ActionLogController;
use App\Http\Controllers\AccessControl\PermissionManagementController;
use App\Http\Controllers\AccessControl\RoleManagementController;
use App\Http\Controllers\AccessControl\UserManagementController;
use App\Http\Controllers\Admin\MobileSettingController;
use App\Http\Controllers\AI\AiAssistantController;
use App\Http\Controllers\AI\LogAnalysisController;
use App\Http\Controllers\Auth\SocialAuthController;
use App\Http\Controllers\DashboardController;
use App\Http\Controllers\ImpersonateController;
use App\Http\Controllers\LegalController;
use App\Http\Controllers\ProfileController;
use App\Http\Controllers\System\GlobalSearchController;
use App\Http\Controllers\SystemSettings\BackupRestoreController;
use App\Http\Controllers\SystemSettings\EditorUploadController;
use App\Http\Controllers\SystemSettings\MaintenanceModeController;
use App\Http\Controllers\SystemSettings\NotificationCenterController;
use App\Http\Controllers\SystemSettings\SessionManagerController;
use App\Http\Controllers\SystemSettings\SystemConfigController;
use App\Http\Controllers\SystemSettings\SystemMonitoringController;
use App\Services\SystemConfig\SystemConfigService;
use Illuminate\Support\Facades\Route;

// Public homepage
Route::get('/', function () {
    if (! app(SystemConfigService::class)->get('enable_landing_page', true)) {
        return redirect()->route('login');
    }

    return view('welcome');
})->name('homepage');

Route::get('/public-config', [SystemConfigController::class, 'publicConfig'])->name('system-config.public');

// LEGAL & CONTENT PAGES (UU PDP COMPLIANCE)
Route::get('/legal/re-agree', [LegalController::class, 'reAgree'])
    ->middleware('auth')
    ->name('legal.re-agree');
Route::post('/legal/re-agree', [LegalController::class, 'postReAgree'])
    ->middleware('auth')
    ->name('legal.re-agree.post');
Route::get('/legal/{type}', [LegalController::class, 'show'])->name('legal.show');

// UNIFIED SOCIAL OAUTH
// callback must come BEFORE the {provider} wildcard, otherwise /auth/callback
// resolves to redirect('callback') and 404s on the missing feature flag.
Route::get('/auth/callback', [SocialAuthController::class, 'callback']);
Route::get('/auth/{provider}', [SocialAuthController::class, 'redirect'])
    ->where('provider', 'google|facebook|github')
    ->name('auth.social');

// AUTHENTICATED AREA (ALL ROLES)
Route::middleware(['auth'])->group(function () {

    // DASHBOARD (ALL ROLES)
    Route::get('/dashboard', [DashboardController::class, 'index'])
        ->middleware(['permission:view dashboard', 'active-permission:view dashboard'])
        ->name('dashboard');

    Route::post('/dashboard/widgets', [DashboardController::class, 'saveWidgetPreferences'])
        ->middleware(['permission:view dashboard'])
        ->name('dashboard.widgets.save');

    // PROFILE (ALL ROLES)
    Route::get('/profile', [ProfileController::class, 'edit'])->name('profile.edit');
    Route::patch('/profile', [ProfileController::class, 'update'])->name('profile.update');
    Route::delete('/profile', [ProfileController::class, 'destroy'])->name('profile.destroy');

    // IMPERSONATE (SPECIAL CASE)
    Route::post('/impersonate/stop', [ImpersonateController::class, 'stop'])
        ->name('impersonate.stop');
    Route::post('/impersonate/{user}', [ImpersonateController::class, 'start'])
        ->middleware('permission:impersonate users')
        ->name('impersonate.start');

});

// ADMIN AREA (ADMIN + SUPERADMIN)

// USER MANAGEMENT
Route::get('/users', [UserManagementController::class, 'index'])
    ->middleware(['auth', 'permission:view user directory', 'active-permission:view user directory'])
    ->name('users');

Route::middleware(['auth', 'permission:manage user directory', 'active-permission:manage user directory'])->group(function () {
    Route::post('/users', [UserManagementController::class, 'store'])->name('users.store');
    Route::put('/users/{id}', [UserManagementController::class, 'update'])->name('users.update');
    Route::delete('/users/{id}', [UserManagementController::class, 'destroy'])->name('users.destroy');
    Route::post('/users/toggle-status', [UserManagementController::class, 'toggleStatus'])->name('users.toggle-status');
    Route::post('/users/{id}/restore', [UserManagementController::class, 'restore'])->name('users.restore');
    Route::delete('/users/{id}/force', [UserManagementController::class, 'forceDelete'])->name('users.force-delete');

    // Bulk Actions
    Route::post('/users/bulk-toggle-status', [UserManagementController::class, 'bulkToggleStatus'])->name('users.bulk-toggle-status');
    Route::post('/users/bulk-delete', [UserManagementController::class, 'bulkDelete'])->name('users.bulk-delete');
    Route::post('/users/bulk-restore', [UserManagementController::class, 'bulkRestore'])->name('users.bulk-restore');
    Route::post('/users/bulk-force-delete', [UserManagementController::class, 'bulkForceDelete'])->name('users.bulk-force-delete');
});

// SUPER ADMIN ONLY AREA

// SYSTEM CONFIG
Route::get('/system-config', [SystemConfigController::class, 'index'])
    ->middleware(['auth', 'permission:view global settings'])
    ->name('system-config');

Route::middleware(['auth', 'permission:manage global settings'])->group(function () {
    Route::put('/system-config', [SystemConfigController::class, 'update'])->name('system-config.update');

    // Tab-scoped action routes — require manage permission for the specific tab
    Route::post('/system-config/test-email', [SystemConfigController::class, 'testEmail'])
        ->middleware('tab-permission:global settings,notification,manage')
        ->name('system-config.test-email');
    Route::post('/system-config/test-sap', [SystemConfigController::class, 'testSapConnection'])
        ->middleware('tab-permission:global settings,sap-integration,manage')
        ->name('system-config.test-sap');
    Route::post('/system-config/test-db', [SystemConfigController::class, 'testDatabaseConnection'])
        ->middleware('tab-permission:global settings,monitoring,manage')
        ->name('system-config.test-db');
    Route::post('/system-config/ai-simulate', [SystemConfigController::class, 'simulateAi'])
        ->middleware('tab-permission:global settings,ai-config,manage')
        ->name('system-config.ai-simulate');
    Route::get('/system-config/ai-stats', [SystemConfigController::class, 'getAiUsageStats'])
        ->middleware('tab-permission:global settings,ai-config')
        ->name('system-config.ai-stats');

    Route::post('/editor/upload', [EditorUploadController::class, 'upload'])->name('editor.upload');
});

Route::middleware(['auth', 'permission:view maintenance mode'])->group(function () {
    Route::get('/maintenance-mode', [MaintenanceModeController::class, 'index'])->name('maintenance-mode');
    Route::post('/maintenance-mode/broadcast', [MaintenanceModeController::class, 'broadcast'])
        ->middleware(['permission:manage maintenance mode'])
        ->name('maintenance-mode.broadcast');
});

// BACKUP & RESTORE
Route::middleware(['auth', 'permission:view backup and storage'])->prefix('backup-restore')->group(function () {
    Route::get('/', [BackupRestoreController::class, 'index'])->name('backup-restore.index');
    Route::get('/download', [BackupRestoreController::class, 'download'])->name('backup-restore.download');
});

Route::middleware(['auth', 'permission:manage backup and storage'])->prefix('backup-restore')->group(function () {
    Route::post('/create', [BackupRestoreController::class, 'create'])->name('backup-restore.create');
    Route::post('/delete', [BackupRestoreController::class, 'destroy'])->name('backup-restore.delete');
    Route::post('/restore', [BackupRestoreController::class, 'restore'])->name('backup-restore.restore');
    Route::post('/test-connection', [BackupRestoreController::class, 'testConnection'])->name('backup-restore.test-connection');
    Route::get('/google-auth', [BackupRestoreController::class, 'googleAuth'])->name('backup-restore.google-auth');
    Route::get('/google-callback', [BackupRestoreController::class, 'googleCallback'])->name('backup-restore.google-callback');
});

// AI SELF HEALING
Route::middleware(['auth', 'role:Developer', 'permission:view ai self-healing', 'active-permission:view ai self-healing'])->prefix('ai-self-healing')->group(function () {
    Route::get('/', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'index'])->name('ai-self-healing.index');
    
    Route::middleware(['permission:manage ai self-healing', 'active-permission:manage ai self-healing'])->group(function () {
        Route::post('/update', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'update'])->name('ai-self-healing.update');
        Route::post('/clear', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'clearLogs'])->name('ai-self-healing.clear');
        Route::get('/log/{id}', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'show'])->name('ai-self-healing.show');
        Route::get('/stats', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'stats'])->name('ai-self-healing.stats');
        Route::post('/log/{id}/retry', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'retry'])->name('ai-self-healing.retry');
        Route::post('/log/{id}/rollback', [App\Http\Controllers\SystemSettings\AiSelfHealingController::class, 'rollback'])->name('ai-self-healing.rollback');
        Route::post('/simulate-error', function () {
            throw new \Exception('View [dashboard-missing-xyz] not found. Please clear view cache.');
        })->name('ai-self-healing.simulate');
    });
});

// MOBILE SETTINGS
Route::middleware(['auth', 'permission:view mobile settings'])->group(function () {
    Route::get('/mobile-settings', [MobileSettingController::class, 'index'])->name('mobile-settings.index');
});
Route::middleware(['auth', 'permission:manage mobile settings'])->group(function () {
    Route::put('/mobile-settings', [MobileSettingController::class, 'update'])->name('mobile-settings.update');
});

Route::get('/session-manager', [SessionManagerController::class, 'index'])
    ->middleware(['auth', 'permission:view active sessions'])
    ->name('session-manager');

Route::get('/session-manager/stats', [SessionManagerController::class, 'getStats'])
    ->middleware(['auth', 'permission:view active sessions'])
    ->name('session-manager.stats');

Route::delete('/session-manager/{id}', [SessionManagerController::class, 'destroy'])
    ->middleware(['auth', 'permission:manage active sessions'])
    ->name('session-manager.terminate');

// SYSTEM MONITORING (UNIFIED)
Route::middleware(['auth'])->group(function () {
    Route::get('/system-monitoring', [SystemMonitoringController::class, 'index'])
        ->name('system-monitoring');
    Route::get('/api/system-stats', [SystemMonitoringController::class, 'getStats'])
        ->name('system-monitoring.stats');
    Route::post('/system-monitoring/logs/clear', [SystemMonitoringController::class, 'clearLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.logs.clear');

    Route::get('/system-monitoring/logs/download', [SystemMonitoringController::class, 'downloadLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.logs.download');

    Route::get('/system-monitoring/logs/datatable', [SystemMonitoringController::class, 'logsDataTable'])
        ->name('system-monitoring.logs.datatable');
    // SAP Logs
    Route::get('/system-monitoring/sap-logs/datatable', [SystemMonitoringController::class, 'sapLogsDataTable'])
        ->name('system-monitoring.sap-logs.datatable');
    Route::get('/system-monitoring/sap-logs/download', [SystemMonitoringController::class, 'downloadSapLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.sap-logs.download');
    Route::post('/system-monitoring/sap-logs/clear', [SystemMonitoringController::class, 'clearSapLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.sap-logs.clear');

    // Mobile Logs
    Route::get('/system-monitoring/mobile-logs/datatable', [SystemMonitoringController::class, 'mobileLogsDataTable'])
        ->name('system-monitoring.mobile-logs.datatable');
    Route::get('/system-monitoring/mobile-logs/download', [SystemMonitoringController::class, 'downloadMobileLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.mobile-logs.download');
    Route::post('/system-monitoring/mobile-logs/clear', [SystemMonitoringController::class, 'clearMobileLogs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.mobile-logs.clear');

    // Background Jobs Management
    Route::get('/system-monitoring/background-jobs/datatable', [SystemMonitoringController::class, 'backgroundJobsDataTable'])
        ->name('system-monitoring.background-jobs.datatable');
    Route::post('/system-monitoring/background-jobs/clear', [SystemMonitoringController::class, 'clearFailedJobs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.background-jobs.clear');
    Route::post('/system-monitoring/background-jobs/retry/{id?}', [SystemMonitoringController::class, 'retryFailedJob'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.background-jobs.retry');
    Route::post('/system-monitoring/background-jobs/delete-failed/{id}', [SystemMonitoringController::class, 'deleteFailedJob'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.background-jobs.delete-failed');
    Route::get('/system-monitoring/background-jobs/download', [SystemMonitoringController::class, 'downloadBackgroundJobs'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.background-jobs.download');
    Route::post('/system-monitoring/toggle-maintenance', [SystemMonitoringController::class, 'toggleMaintenance'])
        ->middleware(['permission:manage health and logs'])
        ->name('system-monitoring.maintenance.toggle');

    // AI LOG ANALYSIS
    Route::middleware(['role:Developer', 'permission:view ai log analysis', 'active-permission:view ai log analysis'])->group(function () {
        Route::get('/api/ai/log-analysis', [LogAnalysisController::class, 'index'])
            ->name('ai.log-analysis.index');
        Route::post('/api/ai/log-analysis/analyze', [LogAnalysisController::class, 'analyze'])
            ->name('ai.log-analysis.analyze');
        Route::post('/api/ai/log-analysis/clear', [LogAnalysisController::class, 'clear'])
            ->name('ai.log-analysis.clear');

        Route::get('/api/ai/security-audit', [SystemMonitoringController::class, 'securityAudit'])
            ->name('ai.security-audit');
    });

    // GLOBAL SEARCH
    Route::get('/api/global-search', GlobalSearchController::class)
        ->name('global-search');

    // AI ASSISTANT
    Route::post('/api/ai/assistant/ask', [AiAssistantController::class, 'ask'])
        ->middleware(['role:Developer', 'permission:use ai assistant', 'active-permission:use ai assistant'])
        ->name('ai.assistant.ask');
});

// ACTION HISTORY
Route::middleware(['auth', 'permission:view action history'])->group(function () {
    Route::get('/action-logs', [ActionLogController::class, 'index'])->name('action-logs');
    Route::get('/action-logs/export', [ActionLogController::class, 'export'])->name('action-logs.export');
    Route::post('/action-logs/clear', [ActionLogController::class, 'clear'])
        ->middleware(['permission:manage action history'])
        ->name('action-logs.clear');
});

// ROLE MANAGEMENT
Route::get('/roles', [RoleManagementController::class, 'index'])
    ->middleware(['auth', 'permission:view access rights'])
    ->name('roles');

Route::middleware(['auth', 'permission:manage access rights'])->group(function () {
    Route::post('/roles', [RoleManagementController::class, 'store'])->name('roles.store');
    Route::put('/roles/{id}', [RoleManagementController::class, 'update'])->name('roles.update');
    Route::delete('/roles/{id}', [RoleManagementController::class, 'destroy'])->name('roles.destroy');
    Route::post('/roles/toggle-status', [RoleManagementController::class, 'toggleStatus'])->name('roles.toggle-status');
    Route::post('/roles/{id}/restore', [RoleManagementController::class, 'restore'])->name('roles.restore');
    Route::delete('/roles/{id}/force', [RoleManagementController::class, 'forceDelete'])->name('roles.force-delete');

    // Bulk Actions
    Route::post('/roles/bulk-toggle-status', [RoleManagementController::class, 'bulkToggleStatus'])->name('roles.bulk-toggle-status');
    Route::post('/roles/bulk-delete', [RoleManagementController::class, 'bulkDelete'])->name('roles.bulk-delete');
    Route::post('/roles/bulk-restore', [RoleManagementController::class, 'bulkRestore'])->name('roles.bulk-restore');
    Route::post('/roles/bulk-force-delete', [RoleManagementController::class, 'bulkForceDelete'])->name('roles.bulk-force-delete');
});

// PERMISSION MANAGEMENT
Route::get('/permissions', [PermissionManagementController::class, 'index'])
    ->middleware(['auth', 'permission:view access rights'])
    ->name('permissions');

Route::middleware(['auth', 'permission:manage access rights'])->group(function () {
    Route::post('/permissions', [PermissionManagementController::class, 'store'])->name('permissions.store');
    Route::put('/permissions/{id}', [PermissionManagementController::class, 'update'])->name('permissions.update');
    Route::delete('/permissions/{id}', [PermissionManagementController::class, 'destroy'])->name('permissions.destroy');
    Route::post('/permissions/toggle-status', [PermissionManagementController::class, 'toggleStatus'])->name('permissions.toggle-status');
});

// NOTIFICATION CENTER
Route::get('/notification-center', [NotificationCenterController::class, 'index'])
    ->middleware(['auth', 'permission:view notification center'])
    ->name('notification-center.index');

Route::get('/notification-center/api/recent', [NotificationCenterController::class, 'recentNotifications'])
    ->middleware(['auth', 'permission:view notification center'])
    ->name('notification-center.api.recent');

Route::middleware(['auth', 'permission:view notification center'])->group(function () {
    Route::patch('/notification-center/{notification}/read', [NotificationCenterController::class, 'markAsRead'])->name('notification-center.read');
    Route::patch('/notification-center/read-all', [NotificationCenterController::class, 'markAllAsRead'])->name('notification-center.read-all');
    Route::delete('/notification-center/clear-read', [NotificationCenterController::class, 'clearRead'])->name('notification-center.clear-read');
    Route::delete('/notification-center/{notification}', [NotificationCenterController::class, 'destroy'])->name('notification-center.destroy');
});

Route::middleware(['auth', 'permission:manage notification center', 'role:Developer|Administrator'])->group(function () {
    Route::post('/notification-center', [NotificationCenterController::class, 'store'])->name('notification-center.store');
});

// AUTH ROUTES
require __DIR__.'/auth.php';