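# frozen_string_literal: true

# Manages WAF policies: listing, creation (generic and country-based),
# editing, soft deletion and activation/deactivation.
#
# Authorization goes through `authorize` / `policy_scope` (presumably Pundit
# helpers; confirm in ApplicationController). No authentication callback is
# declared in this class, so it is presumably inherited from
# ApplicationController. Verify before relying on it.
class WafPoliciesController < ApplicationController
  # Follow proper before_action order:
  # 1. Authentication/Authorization
  #    All actions require authentication
  # 2. Resource loading (set_waf_policy also authorizes the loaded record)
  before_action :set_waf_policy, only: %i[show edit update destroy activate deactivate]

  # GET /waf_policies
  #
  # Lists the policies visible through policy_scope, newest first, paginated.
  def index
    @pagy, @waf_policies = pagy(policy_scope(WafPolicy).includes(:user, :generated_rules).order(created_at: :desc))
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS
  end

  # GET /waf_policies/new
  #
  # Builds an unsaved policy, optionally pre-filled from URL parameters.
  def new
    authorize WafPolicy
    @waf_policy = WafPolicy.new
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS

    # Set default values from URL parameters
    @waf_policy.policy_type = params[:policy_type] if params[:policy_type].present?
    # params[:action] is reserved by Rails routing and always holds this
    # controller action's name ("new"), so the client value is read from the
    # raw request parameters instead.
    requested_action = submitted_action
    @waf_policy.action = requested_action if requested_action
    # NOTE(review): targets is assigned without a shape check; this only
    # pre-fills an unsaved record, but confirm the form tolerates non-array input.
    @waf_policy.targets = params[:targets] if params[:targets].present?
  end

  # POST /waf_policies
  #
  # Creates a policy owned by the current user and enqueues processing for it.
  def create
    authorize WafPolicy
    @waf_policy = WafPolicy.new(waf_policy_params)
    @waf_policy.user = Current.user
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS

    if @waf_policy.save
      # Trigger policy processing for existing network ranges
      ProcessWafPoliciesJob.perform_later(waf_policy_id: @waf_policy.id)

      redirect_to @waf_policy, notice: 'WAF policy was successfully created.'
    else
      render :new, status: :unprocessable_entity
    end
  end

  # GET /waf_policies/:id
  #
  # Shows the policy with its 20 most recent generated rules and its stats.
  def show
    @generated_rules = @waf_policy.generated_rules.includes(:network_range).order(created_at: :desc).limit(20)
    @effectiveness_stats = @waf_policy.effectiveness_stats
  end

  # GET /waf_policies/:id/edit
  def edit
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS
  end

  # PATCH/PUT /waf_policies/:id
  def update
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS

    if @waf_policy.update(waf_policy_params)
      # Re-process policies for existing network ranges if policy was changed.
      # NOTE(review): a change to enabled, expires_at or policy_type alone does
      # not trigger reprocessing here; confirm that is intended.
      if @waf_policy.saved_change_to_targets? || @waf_policy.saved_change_to_action?
        ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)
      end

      redirect_to @waf_policy, notice: 'WAF policy was successfully updated.'
    else
      render :edit, status: :unprocessable_entity
    end
  end

  # DELETE /waf_policies/:id
  #
  # Soft delete: the record is kept, but disabled and expired as of now.
  # update! raises if the record fails validation.
  def destroy
    policy_name = @waf_policy.name

    # Soft delete by disabling and expiring the policy
    @waf_policy.update!(enabled: false, expires_at: Time.current)

    redirect_to waf_policies_url, notice: "WAF policy '#{policy_name}' was disabled."
  end

  # POST /waf_policies/:id/activate
  def activate
    @waf_policy.activate!

    # Re-process policies for existing network ranges
    ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)

    redirect_to @waf_policy, notice: 'WAF policy was activated.'
  end

  # POST /waf_policies/:id/deactivate
  #
  # NOTE(review): unlike activate, no reprocessing is enqueued here; confirm
  # that rules generated for a deactivated policy are handled elsewhere.
  def deactivate
    @waf_policy.deactivate!

    redirect_to @waf_policy, notice: 'WAF policy was deactivated.'
  end

  # GET /waf_policies/new_country
  def new_country
    authorize WafPolicy
    @waf_policy = WafPolicy.new(policy_type: 'country', action: 'deny')
    @policy_types = WafPolicy::POLICY_TYPES
    @actions = WafPolicy::ACTIONS
  end

  # POST /waf_policies/create_country
  #
  # Creates a country policy from the submitted country list. The action
  # defaults to 'deny' when the client does not send one.
  def create_country
    authorize WafPolicy

    # Accept only an array of non-blank strings; a scalar or nested value
    # would otherwise raise or pass through unfiltered.
    raw_countries = params[:countries]
    countries = raw_countries.is_a?(Array) ? raw_countries.select { |c| c.is_a?(String) && c.present? } : []

    # params[:action] would always be "create_country" (reserved routing key),
    # so the 'deny' default could never apply; read the client value directly.
    # NOTE(review): the value is not checked against WafPolicy::ACTIONS here;
    # confirm the model validates it.
    action = submitted_action || 'deny'

    if countries.empty?
      redirect_to new_country_waf_policies_path, alert: 'Please select at least one country.'
      return
    end

    @waf_policy = WafPolicy.create_country_policy(
      countries,
      action: action,
      user: Current.user,
      description: params[:description]
    )

    if @waf_policy.persisted?
      # Trigger policy processing for existing network ranges
      ProcessWafPoliciesJob.reprocess_for_policy(@waf_policy)

      redirect_to @waf_policy,
                  notice: "Country blocking policy was successfully created for #{countries.join(', ')}."
    else
      @policy_types = WafPolicy::POLICY_TYPES
      @actions = WafPolicy::ACTIONS
      render :new_country, status: :unprocessable_entity
    end
  end

  private

  # Loads the policy named by params[:id] and authorizes access to it.
  # A missing record redirects to the index with an alert, which halts the
  # callback chain. Authorization failures are not rescued here.
  def set_waf_policy
    @waf_policy = WafPolicy.find(params[:id])
    authorize @waf_policy
  rescue ActiveRecord::RecordNotFound
    redirect_to waf_policies_path, alert: 'WAF policy not found.'
  end

  # Strong parameters for create/update.
  # NOTE(review): `additional_data: {}` permits arbitrary keys and nesting in
  # that attribute; confirm the model constrains what it stores and uses.
  def waf_policy_params
    params.require(:waf_policy).permit(
      :name,
      :description,
      :policy_type,
      :action,
      :enabled,
      :expires_at,
      targets: [],
      additional_data: {}
    )
  end

  # Returns the client-supplied top-level "action" value (body first, then
  # query string), or nil when absent, blank or not a String.
  #
  # Needed because path parameters take precedence in `params`, so
  # params[:action] always holds the current controller action's name.
  def submitted_action
    [request.request_parameters['action'], request.query_parameters['action']]
      .find { |value| value.is_a?(String) && value.present? }
  end
end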