<?php

namespace Dashboard\Unifi;

use App\Models\DashboardApp;
use App\Models\NavItem;
use Dashboard\Unifi\Models\UnifiPageGrant;
use Illuminate\Routing\Events\RouteMatched;
use Illuminate\Support\Facades\Event;
use Illuminate\Support\ServiceProvider;

class UnifiServiceProvider extends ServiceProvider
{
    public function register(): void
    {
        $this->mergeConfigFrom(__DIR__ . '/../config/unifi.php', 'unifi');

        $this->app->singleton(Services\UnifiApiClient::class, function ($app) {
            return new Services\UnifiApiClient();
        });
    }

    public function boot(): void
    {
        $this->loadRoutesFrom(__DIR__ . '/routes/unifi.php');
        $this->loadMigrationsFrom(__DIR__ . '/../database/migrations');

        // Per-page access enforcement for unifi routes. If a unifi page has
        // any UnifiPageGrant rows, only super-admins and granted users/
        // groups can hit it; otherwise (no grants) it's open per the existing
        // permission middleware. Super-admins always bypass.
        Event::listen(RouteMatched::class, function (RouteMatched $event) {
            $routeName = $event->route->getName();
            if (! $routeName || ! str_starts_with($routeName, 'unifi.')) return;

            $user = $event->request->user();
            if (! $user || $user->is_super_admin) return;

            try {
                $appId = DashboardApp::where('slug', 'unifi')->value('id');
                $item  = NavItem::where('route_name', $routeName)
                    ->where('app_id', $appId)
                    ->first();
                if (! $item) return;

                if (! UnifiPageGrant::userCanAccess($user, $item)) {
                    abort(403, 'You do not have access to this page.');
                }
            } catch (\Throwable) {
                // unifi_page_grants table may not exist yet on a fresh
                // install before this snap-in's migrations have run —
                // fail open in that narrow window.
            }
        });

        if ($this->app->runningInConsole()) {
            $this->commands([
                Console\CheckWebhooks::class,
                Console\CaptureSnapshots::class,
                Console\CleanupSnapshots::class,
                Console\RebootAllAps::class,
                Console\RotatePasswords::class,
                Console\SyncPpskSchedules::class,
            ]);
            $this->publishes([
                __DIR__ . '/../config/unifi.php' => config_path('unifi.php'),
            ], 'unifi-config');
        }
    }
}