<?php

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use App\Models\ActivityLog;
use App\Models\Invitation;
use App\Services\InvitationService;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Validation\Rules\Password;
use Illuminate\View\View;

class RegisterController extends Controller
{
    public function __construct(private InvitationService $invitationService) {}

    public function showForm(string $token): View|RedirectResponse
    {
        $invitation = Invitation::with('players.team')->where('token', hash('sha256', $token))->first();

        if (!$invitation || !$invitation->isValid()) {
            return redirect()->route('login')
                ->with('error', __('auth_ui.invalid_invitation'));
        }

        return view('auth.register', compact('invitation'));
    }

    public function register(Request $request, string $token): RedirectResponse
    {
        $invitation = Invitation::with('players')->where('token', hash('sha256', $token))->first();

        if (!$invitation || !$invitation->isValid()) {
            return redirect()->route('login')
                ->with('error', __('auth_ui.invalid_invitation'));
        }

        // Honeypot — Bots füllen versteckte Felder aus
        if ($request->filled('website')) {
            return redirect()->route('login');
        }

        // E-Mail-Normalisierung vor Validierung (V17)
        $request->merge(['email' => strtolower(trim($request->input('email')))]);

        $validated = $request->validate([
            'name' => ['required', 'string', 'max:255'],
            'email' => ['required', 'email', 'max:255', 'unique:users,email'],
            'password' => ['required', 'string', Password::min(8)->letters()->numbers(), 'confirmed'],
        ]);

        // E-Mail muss mit Einladung übereinstimmen (falls eingeschränkt)
        if ($invitation->email && strtolower($validated['email']) !== strtolower($invitation->email)) {
            return back()->withInput()->withErrors([
                'email' => __('auth_ui.email_must_match_invitation', ['email' => $invitation->email]),
            ]);
        }

        $user = $this->invitationService->redeemInvitation($invitation, $validated);

        Auth::login($user);
        $request->session()->regenerate();

        ActivityLog::log('registered', __('admin.log_registered', ['name' => $user->name]), 'User', $user->id);

        return redirect()->route('dashboard')
            ->with('success', __('auth_ui.welcome'));
    }
}