import { Router, Request, Response } from 'express';
import { trackAffiliateClick, getOffers, registerAffiliate, loginAffiliate, getAffiliateDashboard } from '../services/affiliate';

// Router for the affiliate endpoints; the route comments in this file place it under /api/affiliate.
// NOTE(review): no authentication or rate-limiting middleware is attached to this router in this
// file. Confirm whether the code that mounts it applies any before requests reach these handlers.
const router = Router();

/** Name of the cookie that GET /track sets to carry affiliate attribution data. */
const COOKIE_NAME = 'rm_affiliate_tracking';

/** Lifetime of the tracking cookie in milliseconds (30 days). */
const COOKIE_MAX_AGE = 1000 * 60 * 60 * 24 * 30;

/**
 * Allow-list for affiliate codes: one ASCII letter or digit followed by 2-63
 * letters, digits, `_` or `-` (3-64 characters in total).
 * The pattern is anchored at both ends and has no `m` flag, so `$` matches only
 * at the very end of the input and a trailing newline is rejected.
 */
const AFFILIATE_CODE_PATTERN = /^[A-Za-z0-9][A-Za-z0-9_-]{2,63}$/;

/**
 * Allow-list for affiliate ids: 3-128 ASCII letters, digits, `_` or `-`.
 * Anchored at both ends in the same way as the code pattern.
 */
const AFFILIATE_ID_PATTERN = /^[A-Za-z0-9_-]{3,128}$/;

/**
 * Reports whether `value` is a well-formed affiliate code.
 *
 * This is a syntactic allow-list check against AFFILIATE_CODE_PATTERN only;
 * it does not establish that the code belongs to an existing affiliate.
 *
 * @param value - Candidate code, already trimmed by the caller.
 * @returns `true` when the whole string matches the pattern.
 */
function isValidAffiliateCode(value: string): boolean {
  const matched = AFFILIATE_CODE_PATTERN.exec(value);
  return matched !== null;
}

/**
 * Reports whether `value` is a well-formed affiliate id.
 *
 * This is a syntactic allow-list check against AFFILIATE_ID_PATTERN only;
 * it says nothing about whether the caller is entitled to use that id.
 *
 * @param value - Candidate id, already trimmed by the caller.
 * @returns `true` when the whole string matches the pattern.
 */
function isValidAffiliateId(value: string): boolean {
  const matched = AFFILIATE_ID_PATTERN.exec(value);
  return matched !== null;
}

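// GET /api/affiliate/track?ref=CODE
// Validates the affiliate code, records the click through the affiliate service and, on
// success, stores the attribution data in an HTTP-only cookie.
router.get('/track', async (req: Request, res: Response) => {
  try {
    // A query parameter is not guaranteed to be a string: the query parser can hand back an
    // array or an object for repeated or nested keys. Anything that is not a plain string is
    // treated as empty so it is rejected with 400 below instead of throwing on .trim() and
    // surfacing as a 500.
    const rawRef = req.query.ref;
    const code = typeof rawRef === 'string' ? rawRef.trim() : '';
    if (!isValidAffiliateCode(code)) {
      res.status(400).json({ error: 'Invalid affiliate code' });
      return;
    }

    // Call PHP API to track the click.
    // The Referer header is supplied by the client and is forwarded as-is.
    // NOTE(review): confirm the upstream service treats it as untrusted input.
    const result = await trackAffiliateClick(code, req.get('referer'));

    if (!result.success || !result.tracking_id) {
      // NOTE(review): the upstream error text is returned to the caller verbatim. Confirm it
      // cannot carry internal detail.
      res.status(404).json({ error: result.error || 'Affiliate not found' });
      return;
    }

    // Set HTTP-only cookie with tracking data.
    // httpOnly keeps page scripts from reading it, secure restricts it to HTTPS, and
    // sameSite 'lax' still sends it on top-level cross-site navigation.
    // The value is plain JSON and is not signed, so any code that reads this cookie later must
    // re-validate its fields rather than trust them.
    res.cookie(COOKIE_NAME, JSON.stringify({
      code,
      trackingId: result.tracking_id,
      visitorId: result.visitor_id,
    }), {
      httpOnly: true,
      secure: true,
      sameSite: 'lax',
      maxAge: COOKIE_MAX_AGE,
      path: '/',
    });

    res.json({ success: true });
  } catch (err) {
    // Details stay in the server log; the client only sees a generic message.
    console.error('Affiliate track error:', err);
    res.status(500).json({ error: 'Tracking failed' });
  }
});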

// GET /api/affiliate/offers — public, no auth
// Returns the offer list from the affiliate service. An unsuccessful upstream result maps to
// 502 and an unexpected exception to 500.
router.get('/offers', async (_req: Request, res: Response) => {
  try {
    const upstream = await getOffers();

    if (upstream.success) {
      // A missing offer list is reported as an empty array.
      res.json({ offers: upstream.offers || [] });
      return;
    }

    // NOTE(review): the upstream error text is returned to the caller verbatim. Confirm it
    // cannot carry internal detail.
    res.status(502).json({ error: upstream.error || 'Failed to fetch offers' });
  } catch (err) {
    console.error('Affiliate offers error:', err);
    res.status(500).json({ error: 'Failed to fetch offers' });
  }
});

// POST /api/affiliate/register — public, no auth
// Validates email, company name and password from the request body, then creates the
// affiliate through the affiliate service. Every validation failure answers 400.
router.post('/register', async (req: Request, res: Response) => {
  // Sends a 400 response carrying the given validation message.
  const reject = (message: string): void => {
    res.status(400).json({ error: message });
  };

  try {
    const body = req.body;
    // Non-string email or companyName values collapse to '' and fail the presence check.
    const email = typeof body?.email === 'string' ? body.email.trim() : '';
    const companyName = typeof body?.companyName === 'string' ? body.companyName.trim() : '';
    const password = body?.password;

    if (!email || !companyName || !password) {
      reject('Email, company name, and password are required');
      return;
    }

    // email is always a string at this point, so only its shape is checked.
    if (!email.includes('@')) {
      reject('Invalid email address');
      return;
    }

    // NOTE(review): a 6-character minimum is below the 8 characters NIST SP 800-63B
    // recommends, and no upper bound is enforced on password or email length here.
    if (typeof password !== 'string' || password.length < 6) {
      reject('Password must be at least 6 characters');
      return;
    }

    if (companyName.length < 2 || companyName.length > 120) {
      reject('Company name must be 2-120 characters');
      return;
    }

    const result = await registerAffiliate(email, companyName, password);

    if (!result.success) {
      // NOTE(review): the upstream error text is returned verbatim. If it distinguishes
      // "already registered" from other failures, it lets callers enumerate accounts.
      reject(result.error || 'Registration failed');
      return;
    }

    res.json({
      success: true,
      affiliate_code: result.affiliate_code,
      unique_id: result.unique_id,
    });
  } catch (err) {
    console.error('Affiliate register error:', err);
    res.status(500).json({ error: 'Registration failed' });
  }
});

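// POST /api/affiliate/login — public, no auth
// Checks the submitted credentials through the affiliate service and returns the affiliate's
// identifiers on success.
// NOTE(review): no rate limiting or lockout is visible in this file, and a successful login
// issues no session or token here. Confirm both are handled elsewhere.
router.post('/login', async (req: Request, res: Response) => {
  try {
    const email = typeof req.body?.email === 'string' ? req.body.email.trim() : '';
    const password = req.body?.password;

    // The password must be a non-empty string, as /register already requires. A JSON body can
    // carry an object, array or number here, and passing that on to the credential check
    // leaves its handling to the upstream service.
    if (!email || typeof password !== 'string' || !password) {
      res.status(400).json({ error: 'Email and password are required' });
      return;
    }

    // email is always a string at this point, so only its shape is checked.
    if (!email.includes('@')) {
      res.status(400).json({ error: 'Invalid email address' });
      return;
    }

    const result = await loginAffiliate(email, password);

    if (!result.success) {
      // NOTE(review): the upstream error text is returned verbatim. Confirm it is identical
      // for an unknown email and a wrong password so it cannot be used to enumerate accounts.
      res.status(401).json({ error: result.error || 'Invalid credentials' });
      return;
    }

    res.json({
      success: true,
      affiliate_id: result.affiliate_id,
      affiliate_code: result.affiliate_code,
      email: result.email,
    });
  } catch (err) {
    // Only the error object is logged; the submitted credentials are never written to the log.
    console.error('Affiliate login error:', err);
    res.status(500).json({ error: 'Login failed' });
  }
});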

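// GET /api/affiliate/dashboard?affiliate_id=X — public, no auth
// Returns the statistics the affiliate service holds for the given affiliate id.
// NOTE(review): this handler performs no session or token check, so a well-formed affiliate_id
// is the only thing needed to read that affiliate's stats. The id also travels in the query
// string, where it can end up in access logs and Referer headers. Consider requiring an
// authenticated session bound to the affiliate, and confirm whether middleware outside this
// file already enforces one.
router.get('/dashboard', async (req: Request, res: Response) => {
  try {
    // A query parameter is not guaranteed to be a string: the query parser can hand back an
    // array or an object for repeated or nested keys. Anything that is not a plain string is
    // treated as empty so it is rejected with 400 below instead of throwing on .trim() and
    // surfacing as a 500.
    const rawAffiliateId = req.query.affiliate_id;
    const affiliateId = typeof rawAffiliateId === 'string' ? rawAffiliateId.trim() : '';
    if (!isValidAffiliateId(affiliateId)) {
      res.status(400).json({ error: 'Valid affiliate_id is required' });
      return;
    }

    const result = await getAffiliateDashboard(affiliateId);

    if (!result.success) {
      // NOTE(review): the upstream error text is returned to the caller verbatim. Confirm it
      // cannot carry internal detail.
      res.status(502).json({ error: result.error || 'Failed to fetch dashboard' });
      return;
    }

    res.json({ success: true, stats: result.stats });
  } catch (err) {
    console.error('Affiliate dashboard error:', err);
    res.status(500).json({ error: 'Failed to fetch dashboard' });
  }
});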

export default router;
