<?php

namespace App\Http\Controllers\Api;

use App\Http\Controllers\Controller;
use App\Models\User;
use Illuminate\Http\JsonResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class AuthController extends Controller
{
    public function login(Request $request): JsonResponse
    {
        $data = $request->validate([
            'username' => ['required', 'string'],
            'password' => ['required', 'string'],
        ]);

        $user = User::with('venues:id,name')->where('username', $data['username'])->first();
        if (!$user || !$user->is_active || !Hash::check($data['password'], $user->password)) {
            return response()->json(['message' => '账号或密码错误'], 422);
        }

        // 移动端核销登录：签发更长有效期的 token（Sanctum 仍会在 expires_at 到期后失效）
        $isH5Verify = $request->input('client') === 'h5_verify';
        $expiresAt = $isH5Verify ? now()->addMonths(6) : null;
        $tokenName = $isH5Verify ? 'h5-verify' : 'admin-token';

        $token = $user->createToken($tokenName, ['*'], $expiresAt)->plainTextToken;

        return response()->json([
            'token' => $token,
            'user' => [
                'id' => $user->id,
                'username' => $user->username,
                'name' => $user->name,
                'role' => $user->role,
                'venues' => $user->venues,
            ],
        ]);
    }

    public function logout(Request $request): JsonResponse
    {
        $request->user()?->currentAccessToken()?->delete();
        return response()->json(['message' => '已退出登录']);
    }
}