<?php

namespace App\Http\Controllers\Api\V1\Admin\Integration;

use App\Models\AdminSite;
use App\Support\ApiResponse;
use App\Lottery\ErrorCode;
use Illuminate\Http\Request;
use Illuminate\Http\JsonResponse;
use App\Http\Controllers\Controller;
use App\Services\AuditLogger;
use App\Services\Integration\IntegrationSiteService;
use App\Support\AdminIntegrationSiteAccess;
use App\Support\AdminIntegrationSitePresenter;
use App\Http\Middleware\RecordAdminApiAudit;

final class AdminIntegrationSiteRotateSecretsController extends Controller
{
    public function __invoke(
        Request $request,
        AdminSite $admin_site,
        IntegrationSiteService $service,
    ): JsonResponse {
        $admin = $request->lotteryAdmin();
        abort_if($admin === null, 401);

        if (! AdminIntegrationSiteAccess::canAccess($admin, $admin_site)) {
            return ApiResponse::error('无权操作该站点', ErrorCode::AdminForbidden->value, null, 403);
        }

        $result = $service->rotateSecrets($admin_site);
        $site = $result['site'];

        $payload = AdminIntegrationSitePresenter::withPlainSecretsOnce(
            AdminIntegrationSitePresenter::detail($site),
            $result['secrets'],
        );

        AuditLogger::recordForAdmin(
            $admin,
            $request,
            moduleCode: 'integration',
            actionCode: 'rotate_secrets',
            targetType: 'admin_site',
            targetId: (string) $site->id,
            afterJson: ['code' => $site->code, 'rotated' => true],
        );
        $request->attributes->set(RecordAdminApiAudit::ATTRIBUTE_AUDIT_RECORDED, true);

        return ApiResponse::success($payload);
    }
}