<?php

use Dashboard\Unifi\Http\Controllers\ClientController;
use Dashboard\Unifi\Http\Controllers\DeviceController;
use Dashboard\Unifi\Http\Controllers\PortalController;
use Dashboard\Unifi\Http\Controllers\StatsController;
use Dashboard\Unifi\Http\Controllers\UnifiCronLogsController;
use Dashboard\Unifi\Http\Controllers\UnifiPagesAccessController;
use Dashboard\Unifi\Http\Controllers\UnifiSettingsController;
use Dashboard\Unifi\Http\Controllers\VlanGroupController;
use Dashboard\Unifi\Http\Controllers\WebhookController;
use Dashboard\Unifi\Http\Controllers\WifiApiController;
use Dashboard\Unifi\Http\Controllers\WifiController;
use Illuminate\Support\Facades\Route;

Route::middleware(['web', 'auth', 'app.access:unifi'])
    ->prefix('app/network')
    ->name('unifi.')
    ->group(function () {

        // ── Stats (read-only) ────────────────────────────────────────────────
        Route::middleware('permission:unifi.stats')->group(function () {
            Route::get('/',                [StatsController::class, 'dashboard'])->name('dashboard');
            Route::get('/fullscreen',      [StatsController::class, 'dashboard'])->name('dashboard.fullscreen')->defaults('fullscreen', true);
            Route::get('/wan-status',      [StatsController::class, 'wanStatus'])->name('wan.status');
            Route::get('/devices',         [DeviceController::class, 'index'])   ->name('devices');
            Route::get('/clients',         [ClientController::class, 'index'])   ->name('clients');
            Route::get('/client-dashboard',   [StatsController::class, 'clientDashboard'])  ->name('client.dashboard');
            Route::get('/client-ap-traffic',  [StatsController::class, 'clientApTraffic'])  ->name('client.ap-traffic');
        });

        // ── Management (write access) ────────────────────────────────────────
        Route::middleware('permission:unifi.manage')->group(function () {
            // WiFi networks
            Route::get('/wifi',                         [WifiController::class, 'index'])          ->name('wifi');
            Route::put('/wifi/{wlanId}',                [WifiController::class, 'update'])         ->name('wifi.update');
            Route::post('/wifi/{wlanId}/toggle',        [WifiController::class, 'toggle'])         ->name('wifi.toggle');
            Route::post('/wifi/groups',                 [WifiController::class, 'saveGroups'])     ->name('wifi.groups');

            // PPSK (per-WLAN pre-shared keys)
            Route::get('/wifi/{wlanId}/ppsk',                    [WifiController::class, 'ppskIndex'])         ->name('wifi.ppsk.index');
            Route::post('/wifi/{wlanId}/ppsk',                   [WifiController::class, 'ppskStore'])         ->name('wifi.ppsk.store');
            Route::put('/wifi/{wlanId}/ppsk/{ppskId}',           [WifiController::class, 'ppskUpdate'])        ->name('wifi.ppsk.update');
            Route::delete('/wifi/{wlanId}/ppsk/{ppskId}',        [WifiController::class, 'ppskDestroy'])       ->name('wifi.ppsk.destroy');
            Route::put('/wifi/{wlanId}/ppsk/{ppskId}/schedule',  [WifiController::class, 'ppskSchedule'])      ->name('wifi.ppsk.schedule');
            Route::patch('/wifi/{wlanId}/ppsk/{ppskId}/rotation',[WifiController::class, 'ppskToggleRotation'])->name('wifi.ppsk.rotation');

            // Devices
            Route::post('/devices/reboot', [DeviceController::class, 'reboot'])  ->name('devices.reboot');
            Route::post('/clients/kick',   [ClientController::class, 'kick'])    ->name('clients.kick');
        });

        // ── Portal auth ──────────────────────────────────────────────────────
        Route::middleware('permission:unifi.auth')->group(function () {
            Route::get('/portal',                    [PortalController::class, 'settings'])       ->name('portal.settings');
            Route::post('/portal/mappings',          [PortalController::class, 'storeMapping'])   ->name('portal.mappings.store');
            Route::put('/portal/mappings/{mapping}', [PortalController::class, 'updateMapping'])  ->name('portal.mappings.update');
            Route::delete('/portal/mappings/{mapping}', [PortalController::class, 'destroyMapping'])->name('portal.mappings.destroy');
            Route::post('/portal/macs',              [PortalController::class, 'storeMac'])       ->name('portal.macs.store');
            Route::delete('/portal/macs/{mac}',      [PortalController::class, 'destroyMac'])    ->name('portal.macs.destroy');
            Route::post('/portal/sessions/{session}/disconnect', [PortalController::class, 'disconnectSession'])->name('portal.sessions.disconnect');

            // VLAN Groups
            Route::post('/portal/vlan-groups',                [VlanGroupController::class, 'store'])  ->name('portal.vlan-groups.store');
            Route::put('/portal/vlan-groups/{vlanGroup}',     [VlanGroupController::class, 'update']) ->name('portal.vlan-groups.update');
            Route::delete('/portal/vlan-groups/{vlanGroup}',  [VlanGroupController::class, 'destroy'])->name('portal.vlan-groups.destroy');
        });

        // ── Settings ─────────────────────────────────────────────────────────
        Route::middleware('permission:unifi.settings')->group(function () {
            Route::get('/settings',        [UnifiSettingsController::class, 'edit'])          ->name('settings');
            Route::post('/settings',       [UnifiSettingsController::class, 'update'])        ->name('settings.update');
            Route::post('/settings/test',  [UnifiSettingsController::class, 'testConnection'])->name('settings.test');
            Route::post('/settings/sites', [UnifiSettingsController::class, 'fetchSites'])    ->name('settings.sites');

            // Page Access — super-admin only. Lists unifi pages and lets
            // operators assign per-page user/group grants.
            Route::middleware('super.admin')->group(function () {
                Route::get('/settings/pages-access',                [UnifiPagesAccessController::class, 'index'])      ->name('settings.pages-access.index');
                Route::get('/settings/pages-access/users/search',   [UnifiPagesAccessController::class, 'searchUsers'])->name('settings.pages-access.users.search');
                Route::put('/settings/pages-access/{navItem}',      [UnifiPagesAccessController::class, 'update'])     ->name('settings.pages-access.update');
            });

            // Cron logs — read-only history of scheduled-task runs.
            Route::get('/settings/cron-logs', [UnifiCronLogsController::class, 'index'])->name('settings.cron-logs.index');

            // Webhooks — lives under /settings/* so it reads as a settings tab.
            Route::get('/settings/webhooks',                    [WebhookController::class, 'index'])  ->name('webhooks.index');
            Route::post('/settings/webhooks',                   [WebhookController::class, 'store'])  ->name('webhooks.store');
            Route::put('/settings/webhooks/{webhook}',          [WebhookController::class, 'update']) ->name('webhooks.update');
            Route::delete('/settings/webhooks/{webhook}',       [WebhookController::class, 'destroy'])->name('webhooks.destroy');
            Route::post('/settings/webhooks/{webhook}/test',    [WebhookController::class, 'test'])   ->name('webhooks.test');
            Route::post('/settings/webhooks/test-url',          [WebhookController::class, 'testUrl'])->name('webhooks.test-url');

            // API-token management
            Route::post('/settings/api-token/regenerate', [UnifiSettingsController::class, 'regenerateApiToken'])->name('settings.api-token.regenerate');
            Route::delete('/settings/api-token',          [UnifiSettingsController::class, 'clearApiToken'])    ->name('settings.api-token.clear');
        });
    });

// ── Public API (token-protected) ──────────────────────────────────────────
// External integrations (signage, kiosks) hit these without session auth.
Route::prefix('api/unifi')->name('unifi.api.')->group(function () {
    Route::get('/wifi/current-password', [WifiApiController::class, 'currentPassword'])
        ->name('wifi.current-password');
});

// ── Captive portal callback (public — user redirected here by UniFi) ─────
Route::middleware(['web', 'auth'])
    ->get('/portal/wifi/callback', [PortalController::class, 'captiveCallback'])
    ->name('unifi.portal.callback');