<?php

namespace App\Http\Controllers;

use App\Models\User;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Support\Carbon;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Mail;
use Illuminate\Support\Str;
use Illuminate\View\View;

class PasswordResetController extends Controller
{
    public function create(): View
    {
        return view('auth.forgot-password');
    }

    public function store(Request $request): RedirectResponse
    {
        $validated = $request->validate([
            'email' => ['required', 'email'],
        ]);

        $user = User::where('email', $validated['email'])->first();

        if ($user) {
            $token = Str::random(64);

            DB::table('password_reset_tokens')->updateOrInsert([
                'email' => $user->email,
            ], [
                'token' => Hash::make($token),
                'created_at' => now(),
            ]);

            $url = route('password.reset', [
                'token' => $token,
                'email' => $user->email,
            ]);

            Mail::raw("Klik pautan ini untuk reset kata laluan:\n\n{$url}\n\nPautan sah selama 60 minit.", function ($message) use ($user): void {
                $message->to($user->email)
                    ->subject('Reset Kata Laluan RateMas');
            });
        }

        return back()->with('status', 'Jika emel wujud, pautan reset kata laluan telah dihantar.');
    }

    public function edit(Request $request, string $token): View
    {
        return view('auth.reset-password', [
            'token' => $token,
            'email' => $request->query('email'),
        ]);
    }

    public function update(Request $request): RedirectResponse
    {
        $validated = $request->validate([
            'token' => ['required', 'string'],
            'email' => ['required', 'email'],
            'password' => ['required', 'string', 'min:8', 'confirmed'],
        ]);

        $record = DB::table('password_reset_tokens')
            ->where('email', $validated['email'])
            ->first();

        if (! $record || ! Hash::check($validated['token'], $record->token) || Carbon::parse($record->created_at)->lt(now()->subMinutes(60))) {
            return back()
                ->withErrors(['email' => 'Token reset tidak sah atau telah tamat tempoh.'])
                ->withInput($request->only('email'));
        }

        $user = User::where('email', $validated['email'])->first();
        if (! $user) {
            return back()
                ->withErrors(['email' => 'Emel tidak dijumpai.'])
                ->withInput($request->only('email'));
        }

        $user->forceFill([
            'password' => Hash::make($validated['password']),
        ])->save();

        DB::table('password_reset_tokens')->where('email', $validated['email'])->delete();

        return redirect()->route('login')->with('status', 'Password berjaya ditukar. Sila login semula.');
    }
}