use actix_web::{HttpResponse, web};
use serde::Deserialize;
use utoipa::{IntoParams, ToSchema};

use crate::api::response::{ApiErrorResponse, ApiResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::session::Session;

#[derive(Debug, Deserialize, IntoParams)]
pub struct PathParams {
    pub workspace_name: String,
    pub repo_name: String,
    pub branch_name: String,
}

#[derive(Debug, Deserialize, ToSchema)]
pub struct SetBranchProtectionParams {
    pub protected: bool,
}

#[utoipa::path(
    put,
    path = "/api/v1/workspaces/{workspace_name}/repos/{repo_name}/branches/{branch_name}/protection",
    tag = "Repos",
    operation_id = "repoSetBranchProtection",
    params(PathParams),
    request_body(content = SetBranchProtectionParams),
    responses(
        (status = 200, description = "Branch protection set", body = ApiResponse<String>),
        (status = 401, description = "Authentication required", body = ApiErrorResponse),
        (status = 404, description = "Branch not found", body = ApiErrorResponse),
    ),
    security(("session_cookie" = []))
)]
pub async fn set_branch_protection(
    service: web::Data<AppService>,
    session: Session,
    path: web::Path<PathParams>,
    params: web::Json<SetBranchProtectionParams>,
) -> Result<HttpResponse, AppError> {
    // Verify branch exists via gRPC
    let _ = service
        .repo
        .git_get_branch(
            &session,
            &path.workspace_name,
            &path.repo_name,
            &path.branch_name,
        )
        .await?;

    // Update DB protection flag (platform metadata, no gRPC equivalent)
    service
        .repo
        .repo_set_branch_protection_by_name(
            &session,
            &path.workspace_name,
            &path.repo_name,
            &path.branch_name,
            params.protected,
        )
        .await?;

    Ok(HttpResponse::Ok().json(ApiResponse::new("Branch protection updated".to_string())))
}