main.go

package main

import (
	"context"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"os"
	"strconv"
	"strings"
	"time"

	"github.com/aws/aws-lambda-go/events"
	"github.com/aws/aws-lambda-go/lambda"

	"ecommerce-order-api/core"
)

// AuthClaims represents the authentication claims from OIDC token
type AuthClaims struct {
	TenantID string `json:"tenant_id"`
	UserID   string `json:"sub"`
	Email    string `json:"email"`
}

// Response represents the API response
type Response struct {
	Message  string           `json:"message,omitempty"`
	Order    *core.Order      `json:"order,omitempty"`
	Orders   []core.Order     `json:"orders,omitempty"`
	Count    int              `json:"count,omitempty"`
	Error    string           `json:"error,omitempty"`
	Comment  *core.OrderComment `json:"comment,omitempty"`
	Comments []core.OrderComment `json:"comments,omitempty"`
}

var orderService *core.OrderService

// init initializes the order service (runs once per Lambda container)
func init() {
	dbConfig := core.DBConfig{
		Host:     os.Getenv("DB_HOST"),
		Port:     getEnvInt("DB_PORT", 5432),
		Database: os.Getenv("DB_NAME"),
		User:     os.Getenv("DB_USER"),
		Password: os.Getenv("DB_PASSWORD"),
	}

	var err error
	orderService, err = core.NewOrderService(dbConfig)
	if err != nil {
		panic(fmt.Sprintf("Failed to initialize order service: %v", err))
	}
}

// Handler is the Lambda function handler (AWS Lambda)
func Handler(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
	return handleRequest(ctx, request)
}

// handleRequest processes the request (cloud-agnostic)
func handleRequest(ctx context.Context, request events.APIGatewayProxyRequest) (events.APIGatewayProxyResponse, error) {
	// Handle CORS preflight
	if request.HTTPMethod == "OPTIONS" {
		return createResponse(http.StatusOK, nil, nil)
	}

	// Extract authentication claims from Authorization header
	claims, err := extractAuthClaims(request)
	if err != nil {
		return createResponse(http.StatusUnauthorized, Response{
			Error: err.Error(),
		}, nil)
	}

	// Get order_id from path parameters
	orderID, hasOrderID := request.PathParameters["order_id"]

	// Route based on HTTP method and path
	switch request.HTTPMethod {
	case "POST":
		if request.Resource == "/orders" {
			return handleCreateOrder(request, claims)
		}
		if hasOrderID && request.Resource == "/orders/{order_id}/comments" {
			return handleAddComment(orderID, request, claims)
		}
	case "GET":
		if hasOrderID {
			// Check if this is a comments request
			if request.Resource == "/orders/{order_id}/comments" {
				return handleGetOrderComments(orderID, claims)
			}
			return handleGetOrder(orderID, claims)
		}
		return handleListOrders(request, claims)
	case "PUT":
		if hasOrderID && request.Resource == "/orders/{order_id}" {
			return handleUpdateOrder(orderID, request, claims)
		}
	}

	return createResponse(http.StatusNotFound, Response{
		Error: "Not Found",
	}, nil)
}

// extractAuthClaims extracts claims from JWT token (OIDC compliant)
// Works with any OIDC provider: Auth0, Keycloak, your custom OAuth2 server, etc.
func extractAuthClaims(request events.APIGatewayProxyRequest) (AuthClaims, error) {
	// Get Authorization header
	authHeader := request.Headers["Authorization"]
	if authHeader == "" {
		// Try lowercase
		authHeader = request.Headers["authorization"]
	}

	if authHeader == "" {
		return AuthClaims{}, fmt.Errorf("missing Authorization header")
	}

	// Extract Bearer token
	token := strings.TrimPrefix(authHeader, "Bearer ")
	if token == authHeader {
		return AuthClaims{}, fmt.Errorf("invalid Authorization header format")
	}

	// Parse JWT claims (payload is the second part of JWT)
	claims, err := parseJWTClaims(token)
	if err != nil {
		return AuthClaims{}, fmt.Errorf("invalid token: %w", err)
	}

	// Validate required claims
	if claims.TenantID == "" {
		return AuthClaims{}, fmt.Errorf("missing tenant_id in token claims")
	}
	if claims.UserID == "" {
		return AuthClaims{}, fmt.Errorf("missing sub (user_id) in token claims")
	}

	return claims, nil
}

// parseJWTClaims parses the payload from a JWT token
func parseJWTClaims(token string) (AuthClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return AuthClaims{}, fmt.Errorf("invalid JWT format")
	}

	// Decode payload (base64url)
	payload, err := base64URLDecode(parts[1])
	if err != nil {
		return AuthClaims{}, fmt.Errorf("failed to decode token payload: %w", err)
	}

	var claims AuthClaims
	if err := json.Unmarshal(payload, &claims); err != nil {
		return AuthClaims{}, fmt.Errorf("failed to parse token claims: %w", err)
	}

	return claims, nil
}

// base64URLDecode decodes base64url encoded string
func base64URLDecode(s string) ([]byte, error) {
	// Add padding if necessary
	switch len(s) % 4 {
	case 2:
		s += "=="
	case 3:
		s += "="
	}

	// Replace URL-safe characters
	s = strings.ReplaceAll(s, "-", "+")
	s = strings.ReplaceAll(s, "_", "/")

	return base64.StdEncoding.DecodeString(s)
}

// handleCreateOrder handles POST /orders
func handleCreateOrder(request events.APIGatewayProxyRequest, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	// Parse request body
	var req core.CreateOrderRequest
	if err := json.Unmarshal([]byte(request.Body), &req); err != nil {
		return createResponse(http.StatusBadRequest, Response{
			Error: "Invalid request body",
		}, nil)
	}

	// Create order
	order, err := orderService.CreateOrder(claims.TenantID, claims.UserID, req, claims.Email)
	if err != nil {
		if isValidationError(err) {
			return createResponse(http.StatusBadRequest, Response{
				Error: err.Error(),
			}, nil)
		}
		fmt.Printf("Error creating order: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to create order",
		}, nil)
	}

	return createResponse(http.StatusCreated, Response{
		Message: "Order created successfully",
		Order:   order,
	}, nil)
}

// handleGetOrder handles GET /orders/{order_id}
func handleGetOrder(orderID string, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	order, err := orderService.GetOrder(orderID, claims.TenantID)
	if err != nil {
		fmt.Printf("Error getting order: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to retrieve order",
		}, nil)
	}

	if order == nil {
		return createResponse(http.StatusNotFound, Response{
			Error: "Order not found",
		}, nil)
	}

	return createResponse(http.StatusOK, Response{
		Order: order,
	}, nil)
}

// handleListOrders handles GET /orders
func handleListOrders(request events.APIGatewayProxyRequest, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	// Get query parameters
	limit := getQueryParamInt(request.QueryStringParameters, "limit", 50)
	offset := getQueryParamInt(request.QueryStringParameters, "offset", 0)
	myOrders := request.QueryStringParameters["my_orders"] == "true"

	// Cap limit at 100
	if limit > 100 {
		limit = 100
	}

	var userID *string
	if myOrders {
		userID = &claims.UserID
	}

	orders, err := orderService.ListOrders(claims.TenantID, userID, limit, offset)
	if err != nil {
		fmt.Printf("Error listing orders: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to list orders",
		}, nil)
	}

	// Handle nil slice
	if orders == nil {
		orders = []core.Order{}
	}

	return createResponse(http.StatusOK, Response{
		Orders: orders,
		Count:  len(orders),
	}, nil)
}

// handleUpdateOrder handles PUT /orders/{order_id}
func handleUpdateOrder(orderID string, request events.APIGatewayProxyRequest, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	// Parse request body
	var req core.UpdateOrderRequest
	if err := json.Unmarshal([]byte(request.Body), &req); err != nil {
		return createResponse(http.StatusBadRequest, Response{
			Error: "Invalid request body",
		}, nil)
	}

	// Update order
	order, err := orderService.UpdateOrder(orderID, claims.TenantID, req)
	if err != nil {
		if isValidationError(err) {
			return createResponse(http.StatusBadRequest, Response{
				Error: err.Error(),
			}, nil)
		}
		fmt.Printf("Error updating order: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to update order",
		}, nil)
	}

	if order == nil {
		return createResponse(http.StatusNotFound, Response{
			Error: "Order not found",
		}, nil)
	}

	return createResponse(http.StatusOK, Response{
		Message: "Order updated successfully",
		Order:   order,
	}, nil)
}

// handleAddComment handles POST /orders/{order_id}/comments
func handleAddComment(orderID string, request events.APIGatewayProxyRequest, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	// Parse request body
	var req core.AddCommentRequest
	if err := json.Unmarshal([]byte(request.Body), &req); err != nil {
		return createResponse(http.StatusBadRequest, Response{
			Error: "Invalid request body",
		}, nil)
	}

	// Add comment
	comment, err := orderService.AddComment(orderID, claims.TenantID, claims.UserID, claims.Email, req)
	if err != nil {
		if isValidationError(err) {
			return createResponse(http.StatusBadRequest, Response{
				Error: err.Error(),
			}, nil)
		}
		fmt.Printf("Error adding comment: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to add comment",
		}, nil)
	}

	if comment == nil {
		return createResponse(http.StatusNotFound, Response{
			Error: "Order not found",
		}, nil)
	}

	return createResponse(http.StatusCreated, Response{
		Message: "Comment added successfully",
		Comment: comment,
	}, nil)
}

// handleGetOrderComments handles GET /orders/{order_id}/comments
func handleGetOrderComments(orderID string, claims AuthClaims) (events.APIGatewayProxyResponse, error) {
	// Get comments
	comments, err := orderService.GetOrderComments(orderID, claims.TenantID)
	if err != nil {
		fmt.Printf("Error getting comments: %v\n", err)
		return createResponse(http.StatusInternalServerError, Response{
			Error: "Failed to retrieve comments",
		}, nil)
	}

	// If nil, return empty array
	if comments == nil {
		comments = []core.OrderComment{}
	}

	return createResponse(http.StatusOK, Response{
		Comments: comments,
		Count:    len(comments),
	}, nil)
}

// createResponse creates an API Gateway response
func createResponse(statusCode int, body interface{}, err error) (events.APIGatewayProxyResponse, error) {
	headers := map[string]string{
		"Content-Type":                "application/json",
		"Access-Control-Allow-Origin": "*",
		"Access-Control-Allow-Headers": "Content-Type,Authorization",
		"Access-Control-Allow-Methods": "GET,POST,PUT,DELETE,OPTIONS",
	}

	var bodyBytes []byte
	if body != nil {
		bodyBytes, _ = json.Marshal(body)
	}

	return events.APIGatewayProxyResponse{
		StatusCode: statusCode,
		Headers:    headers,
		Body:       string(bodyBytes),
	}, err
}

// Helper functions
func getEnvInt(key string, defaultValue int) int {
	if value := os.Getenv(key); value != "" {
		if intValue, err := strconv.Atoi(value); err == nil {
			return intValue
		}
	}
	return defaultValue
}

func getQueryParamInt(params map[string]string, key string, defaultValue int) int {
	if value, ok := params[key]; ok {
		if intValue, err := strconv.Atoi(value); err == nil {
			return intValue
		}
	}
	return defaultValue
}

func isValidationError(err error) bool {
	errMsg := err.Error()
	return strings.Contains(errMsg, "required") || strings.Contains(errMsg, "must be")
}

// Unused: Keep for potential GCP Cloud Functions integration
var _ = time.Now()

func main() {
	lambda.Start(Handler)
}