use actix_web::{HttpResponse, web};
use serde::Deserialize;
use utoipa::IntoParams;

use crate::api::response::{ApiErrorResponse, ApiResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::session::Session;

#[derive(Debug, Deserialize, IntoParams)]
pub struct PathParams {
    /// SSH key ID (UUID)
    pub key_id: uuid::Uuid,
}

/// Delete an SSH key
///
/// Revokes an SSH key belonging to the authenticated user.
/// Requires authentication.
///
/// Effects:
/// - Key is marked as revoked (soft-deleted)
/// - Key can no longer be used for Git operations
/// - Revoked keys remain visible in key history
///
/// Returns success message on completion.
#[utoipa::path(
    delete,
    path = "/api/v1/user/keys/ssh/{key_id}",
    tag = "User",
    operation_id = "userDeleteSshKey",
    params(PathParams),
    responses(
        (status = 200, description = "SSH key revoked successfully.", body = ApiResponse<String>),
        (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse),
        (status = 404, description = "SSH key not found or already revoked", body = ApiErrorResponse),
        (status = 500, description = "Internal server error", body = ApiErrorResponse),
    ),
    security(
        ("session_cookie" = [])
    )
)]
pub async fn delete_ssh_key(
    service: web::Data<AppService>,
    session: Session,
    path: web::Path<PathParams>,
) -> Result<HttpResponse, AppError> {
    service
        .user
        .user_delete_ssh_key(&session, path.key_id)
        .await?;
    Ok(HttpResponse::Ok().json(ApiResponse::new("SSH key revoked successfully".to_string())))
}