<?php

namespace App\Http\Controllers\Api\Auth;

use App\Exceptions\RuntimeException;
use App\Http\Controllers\Api\Controller;
use App\Models\AdminUser;
use App\Models\Employee;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Validation\ValidationException;

class AccessTokenController extends Controller
{
    public function store(Request $request): array
    {
        $validated = $request->validate(
            rules: [
                'username' => ['bail', 'required'],
                'password' => ['bail', 'required'],
            ],
            attributes: [
                'username' => '账号',
                'password' => '密码',
            ],
        );

        $adminUser = AdminUser::where('username', $validated['username'])->first();

        if (is_null($adminUser?->password) || ! Hash::check($validated['password'], $adminUser->password)) {
            throw ValidationException::withMessages([
                'username' => ['账号或密码错误'],
            ]);
        }
        if ($adminUser->lock) {
            throw new RuntimeException('您的账号已被锁定，需要联系超级管理员解锁。');
        }

        $employee = Employee::where('admin_user_id', $adminUser->id)->first();

        if (is_null($employee)) {
            throw new RuntimeException('员工未找到');
        }

        if ($employee->isResigned()) {
            throw new RuntimeException('员工已离职');
        }

        $employee->tokens()->delete();

        /** @var \Laravel\Sanctum\NewAccessToken */
        $accessToken = $employee->createToken(
            name: 'api',
            expiresAt: now()->addDays(15),
        );

        return [
            'token' => $accessToken->plainTextToken,
        ];
    }

    public function destroy(Request $request)
    {
        /** @var Employee */
        if ($employee = $this->guard()->user()) {
            $employee->tokens()->delete();
        }

        return response()->noContent();
    }
}