<?php

namespace App\Providers;

use App\Models\BackupSchedule;
use App\Models\EntraGroup;
use App\Models\Finding;
use App\Models\OperationRun;
use App\Models\ProviderCredential;
use App\Models\RestoreRun;
use App\Models\Tenant;
use App\Models\User;
use App\Models\UserTenantPreference;
use App\Observers\ProviderCredentialObserver;
use App\Observers\RestoreRunObserver;
use App\Policies\BackupSchedulePolicy;
use App\Policies\EntraGroupPolicy;
use App\Policies\FindingPolicy;
use App\Policies\OperationRunPolicy;
use App\Services\Baselines\SnapshotRendering\Renderers\DeviceComplianceSnapshotTypeRenderer;
use App\Services\Baselines\SnapshotRendering\Renderers\FallbackSnapshotTypeRenderer;
use App\Services\Baselines\SnapshotRendering\Renderers\IntuneRoleDefinitionSnapshotTypeRenderer;
use App\Services\Baselines\SnapshotRendering\SnapshotTypeRendererRegistry;
use App\Services\Graph\GraphClientInterface;
use App\Services\Graph\MicrosoftGraphClient;
use App\Services\Graph\NullGraphClient;
use App\Services\Intune\AppProtectionPolicyNormalizer;
use App\Services\Intune\CompliancePolicyNormalizer;
use App\Services\Intune\DeviceConfigurationPolicyNormalizer;
use App\Services\Intune\EnrollmentAutopilotPolicyNormalizer;
use App\Services\Intune\GroupPolicyConfigurationNormalizer;
use App\Services\Intune\IntuneRoleAssignmentNormalizer;
use App\Services\Intune\IntuneRoleDefinitionNormalizer;
use App\Services\Intune\ManagedDeviceAppConfigurationNormalizer;
use App\Services\Intune\ScriptsPolicyNormalizer;
use App\Services\Intune\SettingsCatalogPolicyNormalizer;
use App\Services\Intune\TermsAndConditionsNormalizer;
use App\Services\Intune\WindowsDriverUpdateProfileNormalizer;
use App\Services\Intune\WindowsFeatureUpdateProfileNormalizer;
use App\Services\Intune\WindowsQualityUpdateProfileNormalizer;
use App\Services\Intune\WindowsUpdateRingNormalizer;
use App\Services\PermissionPosture\FindingGeneratorContract;
use App\Services\PermissionPosture\PermissionPostureFindingGenerator;
use App\Services\Providers\MicrosoftGraphOptionsResolver;
use App\Services\Providers\ProviderConnectionResolver;
use App\Services\Providers\ProviderGateway;
use App\Support\References\Contracts\ReferenceResolver;
use App\Support\References\ReferenceResolverRegistry;
use App\Support\References\ReferenceStatePresenter;
use App\Support\References\ReferenceTypeLabelCatalog;
use App\Support\References\ResolvedReferencePresenter;
use App\Support\References\Resolvers\BackupSetReferenceResolver;
use App\Support\References\Resolvers\BaselineProfileReferenceResolver;
use App\Support\References\Resolvers\BaselineSnapshotReferenceResolver;
use App\Support\References\Resolvers\EntraGroupReferenceResolver;
use App\Support\References\Resolvers\EntraRoleDefinitionReferenceResolver;
use App\Support\References\Resolvers\FallbackReferenceResolver;
use App\Support\References\Resolvers\OperationRunReferenceResolver;
use App\Support\References\Resolvers\PolicyReferenceResolver;
use App\Support\References\Resolvers\PolicyVersionReferenceResolver;
use App\Support\References\Resolvers\PrincipalReferenceResolver;
use Filament\Events\TenantSet;
use Illuminate\Cache\RateLimiting\Limit;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\Facades\Gate;
use Illuminate\Support\Facades\RateLimiter;
use Illuminate\Support\Facades\Schema;
use Illuminate\Support\ServiceProvider;

class AppServiceProvider extends ServiceProvider
{
    /**
     * Register any application services.
     */
    public function register(): void
    {
        $this->app->bind(FindingGeneratorContract::class, PermissionPostureFindingGenerator::class);

        $this->app->bind(
            \App\Contracts\Hardening\WriteGateInterface::class,
            \App\Services\Hardening\IntuneRbacWriteGate::class,
        );

        $this->app->singleton(GraphClientInterface::class, function ($app) {
            $config = $app['config']->get('graph');

            if (! empty($config['enabled'])) {
                return $app->make(MicrosoftGraphClient::class);
            }

            return $app->make(NullGraphClient::class);
        });

        $this->app->singleton(MicrosoftGraphOptionsResolver::class, function ($app): MicrosoftGraphOptionsResolver {
            return new MicrosoftGraphOptionsResolver(
                connections: $app->make(ProviderConnectionResolver::class),
                gateway: $app->make(ProviderGateway::class),
            );
        });

        $this->app->singleton(SnapshotTypeRendererRegistry::class, function ($app): SnapshotTypeRendererRegistry {
            return new SnapshotTypeRendererRegistry(
                renderers: [
                    $app->make(IntuneRoleDefinitionSnapshotTypeRenderer::class),
                    $app->make(DeviceComplianceSnapshotTypeRenderer::class),
                ],
                fallbackRenderer: $app->make(FallbackSnapshotTypeRenderer::class),
            );
        });

        $this->app->singleton(ReferenceTypeLabelCatalog::class);
        $this->app->singleton(ReferenceStatePresenter::class);
        $this->app->singleton(ResolvedReferencePresenter::class);
        $this->app->singleton(FallbackReferenceResolver::class);
        $this->app->singleton(PolicyReferenceResolver::class);
        $this->app->singleton(PolicyVersionReferenceResolver::class);
        $this->app->singleton(BaselineProfileReferenceResolver::class);
        $this->app->singleton(BaselineSnapshotReferenceResolver::class);
        $this->app->singleton(OperationRunReferenceResolver::class);
        $this->app->singleton(BackupSetReferenceResolver::class);
        $this->app->singleton(EntraGroupReferenceResolver::class);
        $this->app->singleton(EntraRoleDefinitionReferenceResolver::class);
        $this->app->singleton(PrincipalReferenceResolver::class);
        $this->app->singleton(ReferenceResolverRegistry::class, function ($app): ReferenceResolverRegistry {
            /** @var array<int, ReferenceResolver> $resolvers */
            $resolvers = [
                $app->make(PolicyReferenceResolver::class),
                $app->make(PolicyVersionReferenceResolver::class),
                $app->make(BaselineProfileReferenceResolver::class),
                $app->make(BaselineSnapshotReferenceResolver::class),
                $app->make(OperationRunReferenceResolver::class),
                $app->make(BackupSetReferenceResolver::class),
                $app->make(EntraGroupReferenceResolver::class),
                $app->make(EntraRoleDefinitionReferenceResolver::class),
                $app->make(PrincipalReferenceResolver::class),
            ];

            return new ReferenceResolverRegistry(
                resolvers: $resolvers,
                fallbackResolver: $app->make(FallbackReferenceResolver::class),
            );
        });

        $this->app->tag(
            [
                AppProtectionPolicyNormalizer::class,
                CompliancePolicyNormalizer::class,
                DeviceConfigurationPolicyNormalizer::class,
                EnrollmentAutopilotPolicyNormalizer::class,
                GroupPolicyConfigurationNormalizer::class,
                IntuneRoleAssignmentNormalizer::class,
                IntuneRoleDefinitionNormalizer::class,
                ManagedDeviceAppConfigurationNormalizer::class,
                ScriptsPolicyNormalizer::class,
                SettingsCatalogPolicyNormalizer::class,
                TermsAndConditionsNormalizer::class,
                WindowsDriverUpdateProfileNormalizer::class,
                WindowsFeatureUpdateProfileNormalizer::class,
                WindowsQualityUpdateProfileNormalizer::class,
                WindowsUpdateRingNormalizer::class,
            ],
            'policy-type-normalizers'
        );
    }

    /**
     * Bootstrap any application services.
     */
    public function boot(): void
    {
        RateLimiter::for('entra-callback', function (Request $request) {
            return Limit::perMinute(20)->by((string) $request->ip());
        });

        RestoreRun::observe(RestoreRunObserver::class);
        ProviderCredential::observe(ProviderCredentialObserver::class);

        Event::listen(TenantSet::class, function (TenantSet $event): void {
            static $hasPreferencesTable;

            $hasPreferencesTable ??= Schema::hasTable('user_tenant_preferences');

            if (! $hasPreferencesTable) {
                return;
            }

            $tenant = $event->getTenant();
            $user = $event->getUser();

            if (! $tenant instanceof Tenant) {
                return;
            }

            if (! $user instanceof User) {
                return;
            }

            UserTenantPreference::query()->updateOrCreate(
                [
                    'user_id' => $user->getKey(),
                    'tenant_id' => $tenant->getKey(),
                ],
                [
                    'last_used_at' => now(),
                ],
            );
        });

        Gate::policy(BackupSchedule::class, BackupSchedulePolicy::class);
        Gate::policy(Finding::class, FindingPolicy::class);
        Gate::policy(EntraGroup::class, EntraGroupPolicy::class);
        Gate::policy(OperationRun::class, OperationRunPolicy::class);
    }
}