<?php

use Inertia\Inertia;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Route;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Cache;
use App\Http\Controllers\InvoiceController;
use App\Http\Controllers\CustomerController;
use App\Http\Controllers\ProductController;

Route::middleware('auth')->group(function () {

    // Dashboard
    Route::get('/', function () {
        return Inertia::render('Dashboard');
    })->name('home');

    Route::get('dashboard', function () {
        return Inertia::render('Dashboard');
    })->name('dashboard');

    // CRM
    Route::get('crm', function () {
        return Inertia::render('CRM');
    })->name('crm');

    // Offers
    Route::get('offers', function () {
        return Inertia::render('Offers');
    })->name('offers');

    // Customers
    Route::get('customers', [CustomerController::class, 'show'])->name('customers');

    // Leads
    Route::get('leads', function () {
        return Inertia::render('Leads');
    })->name('leads');

    // Achievements
    Route::get('achievements', function () {
        return Inertia::render('Achievements');
    })->name('achievements');

    // Invoices
    Route::get('invoices', [InvoiceController::class, 'show'])->name('invoices');
    Route::get('invoices?action=new', [InvoiceController::class, 'show'])->name('newInvoice');
    Route::get('invoice/{id}', [InvoiceController::class, 'preview'])->name('invoicePreview');
    Route::get('invoice/{id}/pdf', [InvoiceController::class, 'exportPdf'])->name('invoiceExportPdf');
    Route::get('invoice/{id}/xml', [InvoiceController::class, 'exportXml'])->name('invoiceExportXml');

    // Products
    Route::get('products', [ProductController::class, 'show'])->name('products');


    Route::get('timesheets', function () {
        return Inertia::render('Timesheets');
    })->name('timesheets');

    // Procedural Documentation
    Route::get('proceduralDocumentation', function () {
        return Inertia::render('ProceduralDocumentation');
    })->name('proceduralDocumentation');


    /*
    |--------------------------------------------------------------------------
    | Web cron route
    |--------------------------------------------------------------------------
    |
    | Example: GET /webcron?token=SECRET or set header X-WEBCron-Token: SECRET
    | Configure secret in .env as WEBCRON_SECRET (optional). If no secret is set,
    | the route is open (not recommended in production).
    |
    */
    Route::get('/webcron', function (Request $request) {
        // only allow if scheduling method is webcron
        $method = \App\Models\Setting::where('key', 'app.schedule_method')->value('value') ?? 'internal';
        if ($method !== 'webcron') {
            return response('Not Found', 404);
        }

        $secret = env('WEBCRON_SECRET', null);

        // basic token protection
        if ($secret) {
            $token = $request->query('token') ?? $request->header('X-WEBCron-Token');
            if (!$token || !hash_equals((string)$secret, (string)$token)) {
                return response('Forbidden', 403);
            }
        }

        // quick throttle to avoid abuse (server-side)
        $cacheKey = 'caramel_webcron_last_run';
        if (\Illuminate\Support\Facades\Cache::has($cacheKey)) {
            return response('Throttled', 429);
        }
        Cache::put($cacheKey, true, 55);

        try {
            Log::info('Triggering scheduler via /webcron route');
            Artisan::call('schedule:run');
            return response('OK', 200);
        } catch (\Throwable $e) {
            Log::error('Error running scheduler: ' . $e->getMessage());
            return response('Error', 500);
        }
    });
});


require __DIR__ . '/settings.php';
require __DIR__ . '/auth.php';