<?php

namespace App\Providers;

use App\Models\Setting;
use App\Models\User;
use App\Policies\UserPolicy;
use Illuminate\Support\Facades\Cache;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\Vite;
use Illuminate\Support\ServiceProvider;
use Illuminate\Validation\Rules\Password;
use Laravel\Passport\Contracts\AuthorizationViewResponse;
use Laravel\Passport\Http\Responses\SimpleViewResponse;
use Laravel\Passport\Passport;

class AppServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        Passport::ignoreRoutes();

        $this->app->bind(\Illuminate\Contracts\Auth\StatefulGuard::class, function () {
            return \Illuminate\Support\Facades\Auth::guard('web');
        });

        $this->app->bind(AuthorizationViewResponse::class, function () {
            return new SimpleViewResponse('passport::authorize');
        });
    }

    public function boot(): void
    {
        Vite::prefetch(concurrency: 3);

        Gate::policy(User::class, UserPolicy::class);

        // super-admin bypasses all gates
        Gate::before(function (User $user, string $ability) {
            if ($user->hasRole('super-admin')) {
                return true;
            }
        });

        // Dynamic password rules driven by system settings
        Password::defaults(function () {
            $settings = Cache::get('system_settings', []);

            $rule = Password::min((int) ($settings['password_minimum_length'] ?? 8));

            if (filter_var($settings['password_require_symbols'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
                $rule->symbols();
            }
            if (filter_var($settings['password_require_numbers'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
                $rule->numbers();
            }
            if (filter_var($settings['password_require_mixed_case'] ?? false, FILTER_VALIDATE_BOOLEAN)) {
                $rule->mixedCase();
            }

            return $rule;
        });
    }
}