package handlers

import (
	"encoding/json"
	"net/http"
)

// ListPhoneNumbers returns all phone numbers for the account.
// POST /api/phone-numbers  {"account_id"}
func (h *Handlers) ListPhoneNumbers(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	var req struct {
		AccountID string `json:"account_id"`
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	baClient, err := h.getBusinessAPIClient(req.AccountID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	resp, err := baClient.ListPhoneNumbers(r.Context())
	if err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	writeJSON(w, resp)
}

// RequestVerificationCode sends a verification code to a phone number.
// POST /api/phone-numbers/request-code  {"account_id","phone_number_id","method":"SMS"|"VOICE"}
func (h *Handlers) RequestVerificationCode(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	var req struct {
		AccountID     string `json:"account_id"`
		PhoneNumberID string `json:"phone_number_id"`
		Method        string `json:"method"` // "SMS" or "VOICE"
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if req.PhoneNumberID == "" || req.Method == "" {
		http.Error(w, "phone_number_id and method are required", http.StatusBadRequest)
		return
	}
	if req.Method != "SMS" && req.Method != "VOICE" {
		http.Error(w, "method must be SMS or VOICE", http.StatusBadRequest)
		return
	}

	baClient, err := h.getBusinessAPIClient(req.AccountID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if err := baClient.RequestVerificationCode(r.Context(), req.PhoneNumberID, req.Method); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	writeJSON(w, map[string]string{"status": "ok"})
}

// VerifyCode verifies a phone number with the code received.
// POST /api/phone-numbers/verify-code  {"account_id","phone_number_id","code"}
func (h *Handlers) VerifyCode(w http.ResponseWriter, r *http.Request) {
	if r.Method != http.MethodPost {
		http.Error(w, "Method not allowed", http.StatusMethodNotAllowed)
		return
	}

	var req struct {
		AccountID     string `json:"account_id"`
		PhoneNumberID string `json:"phone_number_id"`
		Code          string `json:"code"`
	}
	if err := json.NewDecoder(r.Body).Decode(&req); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if req.PhoneNumberID == "" || req.Code == "" {
		http.Error(w, "phone_number_id and code are required", http.StatusBadRequest)
		return
	}

	baClient, err := h.getBusinessAPIClient(req.AccountID)
	if err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}

	if err := baClient.VerifyCode(r.Context(), req.PhoneNumberID, req.Code); err != nil {
		http.Error(w, err.Error(), http.StatusInternalServerError)
		return
	}

	writeJSON(w, map[string]string{"status": "ok"})
}