use actix_web::{HttpResponse, web};

use crate::api::response::{ApiErrorResponse, ApiResponse};
use crate::error::AppError;
use crate::service::AppService;
use crate::session::Session;

/// Delete user account
///
/// Permanently deletes the authenticated user's account and all associated data.
/// Requires authentication.
///
/// Preconditions:
/// - User must transfer or delete all owned workspaces
/// - User must transfer or delete all owned repositories
///
/// Effects:
/// - All user data is removed (SSH keys, GPG keys, sessions, devices, OAuth links, etc.)
/// - User is soft-deleted (marked as deleted, not physically removed)
/// - Current session is cleared
/// - Account cannot be recovered
///
/// Returns success message on completion.
#[utoipa::path(
    delete,
    path = "/api/v1/user/account",
    tag = "User",
    operation_id = "userDeleteAccount",
    responses(
        (status = 200, description = "Account deleted successfully. All user data has been removed.", body = ApiResponse<String>),
        (status = 400, description = "Cannot delete: user still owns workspaces or repositories", body = ApiErrorResponse),
        (status = 401, description = "Authentication required or session expired", body = ApiErrorResponse),
        (status = 404, description = "User not found", body = ApiErrorResponse),
        (status = 500, description = "Internal server error", body = ApiErrorResponse),
    ),
    security(
        ("session_cookie" = [])
    )
)]
pub async fn delete_account(
    service: web::Data<AppService>,
    session: Session,
) -> Result<HttpResponse, AppError> {
    service.user.user_delete_account(&session).await?;
    Ok(HttpResponse::Ok().json(ApiResponse::new("Account deleted successfully".to_string())))
}