use axum::{
    Router, middleware,
    routing::{get, post},
};

use crate::{
    auth::{attach_refresh_session_token, issue_runtime_guest_token, require_bearer_auth},
    auth_me::auth_me,
    auth_public_user::{get_public_user_by_code, get_public_user_by_id},
    auth_sessions::{auth_sessions, revoke_auth_session},
    login_options::auth_login_options,
    logout::logout,
    logout_all::logout_all,
    password_entry::password_entry,
    password_management::{change_password, reset_password},
    phone_auth::{phone_login, send_phone_code},
    refresh_session::refresh_session,
    state::AppState,
    wechat_auth::{
        bind_wechat_phone, handle_wechat_callback, login_wechat_mini_program, start_wechat_login,
    },
};

pub fn router(state: AppState) -> Router<AppState> {
    Router::new()
        .route("/api/auth/login-options", get(auth_login_options))
        .route(
            "/api/auth/public-users/by-code/{code}",
            get(get_public_user_by_code),
        )
        .route(
            "/api/auth/public-users/by-id/{user_id}",
            get(get_public_user_by_id),
        )
        .route(
            "/api/auth/me",
            get(auth_me).route_layer(middleware::from_fn_with_state(
                state.clone(),
                require_bearer_auth,
            )),
        )
        .route(
            "/api/auth/sessions",
            get(auth_sessions)
                .route_layer(middleware::from_fn_with_state(
                    state.clone(),
                    attach_refresh_session_token,
                ))
                .route_layer(middleware::from_fn_with_state(
                    state.clone(),
                    require_bearer_auth,
                )),
        )
        .route(
            "/api/auth/sessions/{session_id}/revoke",
            post(revoke_auth_session).route_layer(middleware::from_fn_with_state(
                state.clone(),
                require_bearer_auth,
            )),
        )
        .route(
            "/api/auth/refresh",
            post(refresh_session).route_layer(middleware::from_fn_with_state(
                state.clone(),
                attach_refresh_session_token,
            )),
        )
        .route("/api/auth/runtime-guest-token", post(issue_runtime_guest_token))
        .route("/api/auth/phone/send-code", post(send_phone_code))
        .route("/api/auth/phone/login", post(phone_login))
        .route("/api/auth/wechat/start", get(start_wechat_login))
        .route("/api/auth/wechat/callback", get(handle_wechat_callback))
        .route(
            "/api/auth/wechat/miniprogram-login",
            post(login_wechat_mini_program),
        )
        .route(
            "/api/auth/wechat/bind-phone",
            post(bind_wechat_phone).route_layer(middleware::from_fn_with_state(
                state.clone(),
                require_bearer_auth,
            )),
        )
        .route("/api/auth/entry", post(password_entry))
        .route(
            "/api/auth/password/change",
            post(change_password).route_layer(middleware::from_fn_with_state(
                state.clone(),
                require_bearer_auth,
            )),
        )
        .route("/api/auth/password/reset", post(reset_password))
        .route(
            "/api/auth/logout",
            post(logout)
                .route_layer(middleware::from_fn_with_state(
                    state.clone(),
                    attach_refresh_session_token,
                ))
                .route_layer(middleware::from_fn_with_state(
                    state.clone(),
                    require_bearer_auth,
                )),
        )
        .route(
            "/api/auth/logout-all",
            post(logout_all).route_layer(middleware::from_fn_with_state(
                state.clone(),
                require_bearer_auth,
            )),
        )
}