use actix_web::{web, HttpResponse};
use serde::Deserialize;
use utoipa::IntoParams;

use crate::api::response::{ApiResponse, ApiErrorResponse};
use crate::error::AppError;
use crate::models::repos::RepoDeployKey;
use crate::service::repo::deploy_keys::AddDeployKeyParams;
use crate::service::AppService;
use crate::session::Session;

#[derive(Debug, Deserialize, IntoParams)]
pub struct PathParams {
    /// Workspace name (unique identifier)
    pub workspace_name: String,
    /// Repository name (unique within the workspace)
    pub repo_name: String,
}

/// Add a deploy key to a repository
///
/// Adds an SSH public key for automated deployments and CI/CD access to the repository.
/// Requires Admin role or higher in the repository.
/// 
/// Parameters:
/// - title: Human-readable name for the deploy key (1-100 characters)
/// - key: SSH public key in OpenSSH format (e.g., "ssh-rsa AAAA...")
/// - read_only: Whether the key has read-only access (default: true)
/// 
/// Effects:
/// - Deploy key is added to the repository
/// - Key can be used for Git operations (clone, fetch, push if not read-only)
/// - Key fingerprint is calculated and stored
/// 
/// Returns the created deploy key with metadata including fingerprint.
#[utoipa::path(
    post,
    path = "/api/v1/workspaces/{workspace_name}/repos/{repo_name}/deploy-keys",
    tag = "Repos",
    operation_id = "repoAddDeployKey",
    params(PathParams),
    request_body(
        content = AddDeployKeyParams,
        description = "Deploy key addition parameters",
        content_type = "application/json"
    ),
    responses(
        (status = 201, description = "Deploy key added successfully. Returns the newly created deploy key with metadata.", body = ApiResponse<RepoDeployKey>),
        (status = 400, description = "Invalid parameters: title too long or invalid SSH key format", body = ApiErrorResponse),
        (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse),
        (status = 403, description = "Insufficient permissions (requires Admin role or higher)", body = ApiErrorResponse),
        (status = 404, description = "Repository or workspace not found", body = ApiErrorResponse),
        (status = 409, description = "Deploy key with this fingerprint already exists", body = ApiErrorResponse),
        (status = 500, description = "Internal server error", body = ApiErrorResponse),
    ),
    security(
        ("session_cookie" = [])
    )
)]
pub async fn add_deploy_key(
    service: web::Data<AppService>,
    session: Session,
    path: web::Path<PathParams>,
    params: web::Json<AddDeployKeyParams>,
) -> Result<HttpResponse, AppError> {
    let key = service
        .repo
        .repo_add_deploy_key(&session, &path.workspace_name, &path.repo_name, params.into_inner())
        .await?;

    Ok(HttpResponse::Created().json(ApiResponse::new(key)))
}