<?php

use App\Filament\Pages\Tenancy\RegisterTenant;
use App\Http\Controllers\AdminConsentCallbackController;
use App\Http\Controllers\Auth\EntraController;
use App\Http\Controllers\RbacDelegatedAuthController;
use App\Http\Controllers\SelectTenantController;
use App\Http\Controllers\SwitchWorkspaceController;
use App\Http\Controllers\TenantOnboardingController;
use App\Models\Workspace;
use App\Support\Middleware\DenyNonMemberTenantAccess;
use App\Support\Workspaces\WorkspaceContext;
use App\Support\Workspaces\WorkspaceResolver;
use Filament\Http\Middleware\Authenticate as FilamentAuthenticate;
use Filament\Http\Middleware\DisableBladeIconComponents;
use Filament\Http\Middleware\DispatchServingFilamentEvent;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;

Route::get('/', function () {
    return view('welcome');
});

Route::get('/admin/consent/callback', AdminConsentCallbackController::class)
    ->name('admin.consent.callback');

Route::get('/admin/consent/start', TenantOnboardingController::class)
    ->name('admin.consent.start');
// Panel root override: keep the app's workspace-first flow.
// Avoid Filament's tenancy root redirect which otherwise sends users to /admin/register-tenant
// when no default tenant can be resolved.
Route::middleware([
    'web',
    'panel:admin',
    'ensure-correct-guard:web',
    DenyNonMemberTenantAccess::class,
    DisableBladeIconComponents::class,
    DispatchServingFilamentEvent::class,
    FilamentAuthenticate::class,
    'ensure-workspace-selected',
])
    ->get('/admin', function (Request $request) {
        $workspaceId = app(WorkspaceContext::class)->currentWorkspaceId($request);

        if ($workspaceId === null) {
            return redirect()->to('/admin/choose-workspace');
        }

        return redirect()->to('/admin/choose-tenant');
    })
    ->name('admin.home');
// Fallback route: Filament's layout generates this URL when tenancy registration is enabled.
// In this app, package route registration may not always define it early enough, which breaks
// rendering on tenant-scoped routes.
Route::middleware([
    'web',
    'panel:admin',
    'ensure-correct-guard:web',
    DenyNonMemberTenantAccess::class,
    DisableBladeIconComponents::class,
    DispatchServingFilamentEvent::class,
    FilamentAuthenticate::class,
    'ensure-workspace-selected',
])
    ->prefix('/admin')
    ->name('filament.admin.')
    ->get('/register-tenant', RegisterTenant::class)
    ->name('tenant.registration');

Route::get('/admin/rbac/start', [RbacDelegatedAuthController::class, 'start'])
    ->name('admin.rbac.start');

Route::get('/admin/rbac/callback', [RbacDelegatedAuthController::class, 'callback'])
    ->name('admin.rbac.callback');

Route::get('/auth/entra/redirect', [EntraController::class, 'redirect'])
    ->name('auth.entra.redirect');

Route::get('/auth/entra/callback', [EntraController::class, 'callback'])
    ->middleware('throttle:entra-callback')
    ->name('auth.entra.callback');

Route::middleware(['web', 'auth', 'ensure-workspace-selected'])
    ->get('/admin/managed-tenants', function (Request $request) {
        $workspace = app(WorkspaceContext::class)->currentWorkspace($request);

        if (! $workspace instanceof Workspace) {
            return redirect('/admin/choose-workspace');
        }

        return redirect('/admin/w/'.($workspace->slug ?? $workspace->getKey()).'/managed-tenants');
    })
    ->name('admin.legacy.managed-tenants.index');

Route::middleware(['web', 'auth', 'ensure-workspace-selected'])
    ->get('/admin/managed-tenants/onboarding', function (Request $request) {
        $workspace = app(WorkspaceContext::class)->currentWorkspace($request);

        if (! $workspace instanceof Workspace) {
            return redirect('/admin/choose-workspace');
        }

        return redirect('/admin/w/'.($workspace->slug ?? $workspace->getKey()).'/managed-tenants/onboarding');
    })
    ->name('admin.legacy.managed-tenants.onboarding');

Route::middleware(['web', 'auth', 'ensure-workspace-selected'])
    ->get('/admin/new', function (Request $request) {
        $workspace = app(WorkspaceContext::class)->currentWorkspace($request);

        if (! $workspace instanceof Workspace) {
            return redirect('/admin/choose-workspace');
        }

        return redirect('/admin/w/'.($workspace->slug ?? $workspace->getKey()).'/managed-tenants/onboarding');
    })
    ->name('admin.legacy.onboarding');

Route::middleware(['web', 'auth', 'ensure-correct-guard:web'])
    ->post('/admin/switch-workspace', SwitchWorkspaceController::class)
    ->name('admin.switch-workspace');

Route::middleware(['web', 'auth', 'ensure-correct-guard:web', 'ensure-workspace-selected'])
    ->post('/admin/select-tenant', SelectTenantController::class)
    ->name('admin.select-tenant');
Route::bind('workspace', function (string $value): Workspace {
    /** @var WorkspaceResolver $resolver */
    $resolver = app(WorkspaceResolver::class);

    $workspace = $resolver->resolve($value);

    abort_unless($workspace instanceof Workspace, 404);

    return $workspace;
});

Route::middleware(['web', 'auth', 'ensure-workspace-member'])
    ->prefix('/admin/w/{workspace}')
    ->group(function (): void {
        Route::get('/', fn () => redirect('/admin/choose-tenant'))
            ->name('admin.workspace.home');

        Route::get('/ping', fn () => response()->noContent())->name('admin.workspace.ping');

        Route::get('/managed-tenants', fn () => redirect('/admin/choose-tenant'))
            ->name('admin.workspace.managed-tenants.index');

        Route::get('/managed-tenants/onboarding', fn () => redirect('/admin/register-tenant'))
            ->name('admin.workspace.managed-tenants.onboarding');
    });

if (app()->runningUnitTests()) {
    Route::middleware(['web', 'auth', 'ensure-workspace-selected'])
        ->get('/admin/_test/workspace-context', function (Request $request) {
            $workspaceId = app(\App\Support\Workspaces\WorkspaceContext::class)->currentWorkspaceId($request);

            return response()->json([
                'workspace_id' => $workspaceId,
            ]);
        });
}