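/**
 * TwoFactorController
 *
 * @description Controller for Two-Factor Authentication (2FA/TOTP).
 * Extracted from auth.controller.ts (P0-009: Auth Controller split).
 *
 * Routes:
 * - POST /auth/2fa/setup        - Generate TOTP secret and QR code
 * - POST /auth/2fa/enable       - Enable 2FA with verification code
 * - POST /auth/2fa/disable      - Disable 2FA with verification code
 * - POST /auth/2fa/backup-codes - Regenerate backup codes
 * - GET  /auth/2fa/status       - Report 2FA status for the caller
 *
 * Every handler expects an authentication middleware to have populated
 * `req.user` before it runs. A request that arrives without it is answered
 * with 401 rather than letting a TypeError on `req.user.id` fall through
 * `next()` as a generic server error. The `code` field is read from the
 * body without trusting its shape: only a non-empty string reaches the
 * service, anything else is rejected with 400.
 *
 * NOTE(review): the code-accepting routes (enable/disable/backup-codes)
 * verify a short TOTP or backup code and are therefore brute-forceable
 * without throttling; rate limiting is assumed to live at the router /
 * middleware layer - confirm at the route definitions.
 *
 * @see EmailAuthController - Email/password authentication (handles 2FA during login)
 * @see TokenController - Token management
 */
import type { NextFunction, Request, Response } from 'express';
import { twoFactorService } from '../services/twofa.service';

/**
 * Resolve the authenticated user's id, or write a 401 when the request
 * carries no user (auth middleware missing or mis-ordered on the route).
 *
 * @param req - Incoming request; `req.user` is populated by auth middleware.
 * @param res - Response used to write the 401 when no user is present.
 * @returns The user id, or `undefined` after a 401 has been written.
 */
const requireUserId = (req: Request, res: Response) => {
  const userId = req.user?.id;
  if (userId == null) {
    res.status(401).json({ success: false, message: 'Authentication required' });
    return undefined;
  }
  return userId;
};

/**
 * Read the `code` field from an untrusted request body.
 *
 * Accepts only a non-empty string so that objects, arrays, numbers and a
 * missing body (no body parser on the route) never reach the service.
 *
 * @param body - Raw `req.body`; its shape is unknown until checked here.
 * @returns The code string, or `undefined` when absent or malformed.
 */
const readVerificationCode = (body: unknown): string | undefined => {
  if (typeof body !== 'object' || body === null) {
    return undefined;
  }
  // Narrow to a shape that merely *may* carry `code`; the value itself is
  // still checked below, so the assertion introduces no trust.
  const { code } = body as { code?: unknown };
  return typeof code === 'string' && code.length > 0 ? code : undefined;
};

/**
 * Resolve the verification code from the body, or write a 400 when it is
 * missing or not a string.
 *
 * @param req - Incoming request whose body should carry `code`.
 * @param res - Response used to write the 400 on a bad or missing code.
 * @returns The code, or `undefined` after a 400 has been written.
 */
const requireVerificationCode = (req: Request, res: Response): string | undefined => {
  const code = readVerificationCode(req.body);
  if (code === undefined) {
    res.status(400).json({ success: false, message: 'A verification code is required' });
  }
  return code;
};

/**
 * POST /auth/2fa/setup
 *
 * Generate TOTP secret and QR code for 2FA setup.
 *
 * @param req - Authenticated request (`req.user` set by auth middleware).
 * @param res - Responds `{ success, data }` where `data` is the setup payload.
 * @param next - Receives any error thrown by the service.
 */
export const setup2FA = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
  try {
    const userId = requireUserId(req, res);
    if (userId === undefined) return;
    // `data` holds the newly generated secret / QR payload (see route doc),
    // so it is only ever returned to the authenticated owner of the session.
    const result = await twoFactorService.setupTOTP(userId);
    res.json({
      success: true,
      data: result,
    });
  } catch (error) {
    next(error);
  }
};

/**
 * POST /auth/2fa/enable
 *
 * Enable 2FA after verifying the setup code.
 *
 * @param req - Authenticated request; body carries `code` (string).
 * @param res - Responds `{ success, message }` with the service's message.
 * @param next - Receives any error thrown by the service.
 */
export const enable2FA = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
  try {
    const userId = requireUserId(req, res);
    if (userId === undefined) return;
    const code = requireVerificationCode(req, res);
    if (code === undefined) return;
    const result = await twoFactorService.enableTOTP(userId, code);
    res.json({
      success: true,
      message: result.message,
    });
  } catch (error) {
    next(error);
  }
};

/**
 * POST /auth/2fa/disable
 *
 * Disable 2FA with verification code. The code check is what prevents a
 * hijacked session from silently removing the second factor, so it is
 * required here exactly as for enabling.
 *
 * @param req - Authenticated request; body carries `code` (string).
 * @param res - Responds `{ success, message }` with the service's message.
 * @param next - Receives any error thrown by the service.
 */
export const disable2FA = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
  try {
    const userId = requireUserId(req, res);
    if (userId === undefined) return;
    const code = requireVerificationCode(req, res);
    if (code === undefined) return;
    const result = await twoFactorService.disableTOTP(userId, code);
    res.json({
      success: true,
      message: result.message,
    });
  } catch (error) {
    next(error);
  }
};

/**
 * POST /auth/2fa/backup-codes
 *
 * Regenerate backup codes (requires 2FA verification).
 *
 * @param req - Authenticated request; body carries `code` (string).
 * @param res - Responds `{ success, data }` with the service result.
 * @param next - Receives any error thrown by the service.
 */
export const regenerateBackupCodes = async (
  req: Request,
  res: Response,
  next: NextFunction,
): Promise<void> => {
  try {
    const userId = requireUserId(req, res);
    if (userId === undefined) return;
    const code = requireVerificationCode(req, res);
    if (code === undefined) return;
    const result = await twoFactorService.regenerateBackupCodes(userId, code);
    res.json({
      success: true,
      data: result,
    });
  } catch (error) {
    next(error);
  }
};

/**
 * GET /auth/2fa/status
 *
 * Get 2FA status for the authenticated user. Only the three fields listed
 * below are copied out of the service result, so nothing secret-bearing is
 * echoed even if the status object grows.
 *
 * @param req - Authenticated request (`req.user` set by auth middleware).
 * @param res - Responds `{ success, data: { enabled, method, backupCodesRemaining } }`.
 * @param next - Receives any error thrown by the service.
 */
export const get2FAStatus = async (req: Request, res: Response, next: NextFunction): Promise<void> => {
  try {
    const userId = requireUserId(req, res);
    if (userId === undefined) return;
    const status = await twoFactorService.getTOTPStatus(userId);
    res.json({
      success: true,
      data: {
        enabled: status.enabled,
        method: status.method,
        backupCodesRemaining: status.backupCodesRemaining,
      },
    });
  } catch (error) {
    next(error);
  }
};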