defmodule DaProductAppWeb.Router do
  use DaProductAppWeb, :router

  pipeline :browser do
    plug :accepts, ["html"]
    plug :fetch_session
    plug :fetch_live_flash
    plug :put_root_layout, html: {DaProductAppWeb.Layouts, :root}
    plug :protect_from_forgery
    plug :put_secure_browser_headers
  end

  pipeline :api do
    plug :accepts, ["json", "xml"]
  end

  pipeline :npci_upi do
    plug :accepts, ["xml"]
  #  plug DaProductAppWeb.Plugs.RawBody
    # Add any NPCI-specific plugs here (auth, rate limiting, etc.)
  end

  pipeline :webhook do
    plug :accepts, ["json"]
    plug DaProductAppWeb.Plugs.RawBody
  end

  scope "/", DaProductAppWeb do
    pipe_through :browser

    get "/", PageController, :home

    # Admin dashboard - LiveView
    live "/dashboard", DashboardLive, :index

    # Reports redirect to Analytics (for backward compatibility)
    get "/reports", PageController, :redirect_to_analytics

    # Authentication and management
    get "/login", SessionController, :new
    post "/login", SessionController, :create
    delete "/logout", SessionController, :delete
  # Legacy logout routes (handle GET requests when JS data-method doesn't work)
  get "/logout", SessionController, :delete
  get "/users/log_out", SessionController, :delete

    # Core Administration - LiveView
    live "/users", UsersLive, :index
    live "/users/new", UsersLive, :new
    live "/users/:id/edit", UsersLive, :edit

    live "/organizations", OrganizationsLive, :index
    live "/organizations/new", OrganizationsLive, :new
    live "/organizations/:id/edit", OrganizationsLive, :edit
    live "/organizations/:id/users", OrganizationsLive, :users

    # Phase 2: Monitoring & Analytics - LiveView
    live "/transactions", TransactionsLive, :index
    live "/transactions/:id", TransactionsLive, :show

    live "/qr-validations", QRValidationsLive, :index
    live "/qr-validations/:id", QRValidationsLive, :show

    live "/req-chk-txn", ReqChkTxnLive, :index
    live "/req-chk-txn/:id", ReqChkTxnLive, :show

    live "/req-pay", ReqPayLive, :index
    live "/req-pay/:id", ReqPayLive, :show

    live "/analytics", AnalyticsLive, :index

    # Phase 3: Platform Management - LiveView
    live "/international-payments", InternationalPaymentsLive, :index
    live "/international-payments/:id", InternationalPaymentsLive, :show

    live "/settlements", SettlementsLive, :index
    live "/settlements/:id", SettlementsLive, :show

    live "/api-docs", ApiDocsLive, :index
    live "/api-docs/:group", ApiDocsLive, :group
    live "/api-docs/:group/:endpoint", ApiDocsLive, :endpoint

    live "/profile", ProfileLive, :index

    live "/settings", SettingsLive, :index
    live "/settings/:tab", SettingsLive, :tab

    # Legacy controller routes (keeping for backward compatibility)
    resources "/organizations_old", OrganizationController
    resources "/users_old", UserController
  end

  # SaaS Kit webhook endpoint
  scope "/webhooks", DaProductAppWeb do
    pipe_through :webhook

    post "/saas-kit", SaasKitWebhookController, :webhook
  end

  # Other scopes may use custom stacks.
  scope "/api/v1", DaProductAppWeb.Api.V1 do
    pipe_through :api

    # ================================
    # NPCI → PSP Interface (UpiController)
    # These handle all official UPI APIs from NPCI
    # No authentication required - NPCI authenticated via other means
    # ================================

    # Core UPI APIs (as per NPCI specification)
    post "/upi/validate-qr", UpiController, :validate_qr           # ReqValQR from NPCI
    post "/upi/process-payment", UpiController, :process_payment   # ReqPay from NPCI
    post "/upi/check-transaction", UpiController, :check_transaction # ReqChkTxn from NPCI
    post "/upi/process-credit", UpiController, :process_credit_payment # ReqPay CREDIT from NPCI
    post "/upi/heartbeat", UpiController, :heartbeat              # ReqHbt from NPCI

    # Enhanced UPI APIs (extensions)
    post "/upi/batch-check", UpiController, :batch_check_transactions
    post "/upi/reconciliation", UpiController, :reconciliation
    post "/upi/mandate-request", UpiController, :mandate_request

    # International UPI queries (PSP internal)
    get "/upi/international-qr", UpiController, :get_international_qr
    get "/upi/fx-rate/:from/:to", UpiController, :get_fx_rate

    # NEW: PSP-initiated heartbeat endpoint (YOUR REQUIREMENT)
    post "/upi/initiate-heartbeat", UpiController, :initiate_heartbeat
  end

  # Partner APIs - Require Authentication
  scope "/api/v1", DaProductAppWeb.Api.V1 do
    pipe_through [:api, DaProductAppWeb.Plugs.PartnerAuth, DaProductAppWeb.Plugs.RateLimiter]

    # ================================
    # Partner → PSP Interface (QRValidationController)
    # These handle partner-facing QR generation APIs
    # ================================

    # Clear, descriptive naming for partner APIs
    post "/qr-generate", QRValidationController, :generate_qr      # Partner requests QR generation
    post "/generate-static-qr", QRValidationController, :generate_static_qr  # Partner requests static QR generation
    get "/qr-status/:id", QRValidationController, :get_qr_status   # Partner checks QR status

    # ================================
    # Legacy Transaction APIs (if needed)
    # ================================
    resources "/transactions", TransactionController, only: [:index, :show]
  end

  # ================================
  # NPCI UPI Direct API Endpoints (No /api/v1 prefix)
  # These match NPCI's direct calling patterns like /ReqHbt/2.0/urn:txnid:...
  # ================================
  scope "/", DaProductAppWeb.Api.V1 do
    pipe_through :npci_upi

    # UPI Core APIs - NPCI Direct Format
    post "/ReqValQr/*path", UpiController, :validate_qr          # QR Validation
    post "/ReqPay/*path", UpiController, :process_payment        # Payment Processing
    post "/ReqChkTxn/*path", UpiController, :check_transaction   # Transaction Status
    post "/ReqHbt/*path", UpiController, :heartbeat              # Heartbeat
    post "/RespHbt/*path", UpiController, :handle_resp_hbt       # Heartbeat Response from NPCI
    post "/ReqRegMob/*path", UpiController, :register_mobile     # Mobile Registration
    post "/ReqOtp/*path", UpiController, :otp_request            # OTP Request
    post "/ReqSetCre/*path", UpiController, :set_credentials     # Set Credentials
    post "/ReqMandateConf/*path", UpiController, :mandate_confirmation # Mandate Confirmation
    post "/ReqTxnConfirmation/*path", UpiController, :transaction_confirmation # Transaction Confirmation

    # Alternative patterns without path params (if NPCI uses simpler format)
    post "/ReqValQr", UpiController, :validate_qr
    post "/ReqPay", UpiController, :process_payment
    post "/ReqChkTxn", UpiController, :check_transaction
    post "/ReqHbt", UpiController, :heartbeat
    post "/RespHbt", UpiController, :handle_resp_hbt
    post "/ReqRegMob", UpiController, :register_mobile
    post "/ReqOtp", UpiController, :otp_request
    post "/ReqSetCre", UpiController, :set_credentials
    post "/ReqMandateConf", UpiController, :mandate_confirmation
    post "/ReqTxnConfirmation", UpiController, :transaction_confirmation
  end

  # Development routes
  if Mix.env() in [:dev, :test] do
    import Phoenix.LiveDashboard.Router

    scope "/" do
      pipe_through [:fetch_session, :protect_from_forgery]
      live_dashboard "/dashboard", metrics: DaProductAppWeb.Telemetry
    end
  end
end