const tokenInput = document.getElementById("tokenInput");
const objectKeysInput = document.getElementById("objectKeysInput");
const permissionsOutput = document.getElementById("permissionsOutput");
const gallery = document.getElementById("gallery");

const loadPermissionsBtn = document.getElementById("loadPermissionsBtn");
const buildGalleryBtn = document.getElementById("buildGalleryBtn");

let currentPermissions = null;

function getToken() {
  return tokenInput.value.trim();
}

function parseObjectKeys() {
  return objectKeysInput.value
    .split("\n")
    .map((line) => line.trim())
    .filter(Boolean);
}

function isAllowedByPermissions(objectKey, permissions) {
  if (!permissions) return false;
  if (permissions.allowAll) return true;
  const prefixes = permissions.allowedPrefixes || [];
  return prefixes.some((prefix) => objectKey.startsWith(prefix));
}

async function callJson(url, options = {}) {
  const token = getToken();
  const headers = {
    "Content-Type": "application/json",
    ...(options.headers || {})
  };
  if (token) {
    headers.Authorization = `Bearer ${token}`;
  }

  const response = await fetch(url, { ...options, headers });
  const payload = await response.json().catch(() => ({}));
  if (!response.ok) {
    throw new Error(payload.message || `HTTP ${response.status}`);
  }
  return payload;
}

loadPermissionsBtn.addEventListener("click", async () => {
  try {
    const perms = await callJson("/api/me/permissions");
    currentPermissions = perms;
    permissionsOutput.textContent = JSON.stringify(perms, null, 2);
  } catch (error) {
    permissionsOutput.textContent = `Erreur: ${error.message}`;
  }
});

buildGalleryBtn.addEventListener("click", async () => {
  gallery.innerHTML = "";
  const keys = parseObjectKeys();

  if (!currentPermissions) {
    permissionsOutput.textContent = "Charger d'abord les permissions.";
    return;
  }

  if (!keys.length) {
    permissionsOutput.textContent = "Ajouter au moins une objectKey.";
    return;
  }

  for (const objectKey of keys) {
    const card = document.createElement("article");
    card.className = "card";

    const img = document.createElement("img");
    img.className = "thumb";
    img.alt = objectKey;

    const keyP = document.createElement("p");
    keyP.className = "key";
    keyP.textContent = objectKey;

    const openBtn = document.createElement("button");
    openBtn.textContent = "Ouvrir";
    openBtn.disabled = !isAllowedByPermissions(objectKey, currentPermissions);

    openBtn.addEventListener("click", async () => {
      try {
        const presign = await callJson("/api/media/presign", {
          method: "POST",
          body: JSON.stringify({ objectKey })
        });
        const signedUrl = presign.url;
        img.src = signedUrl;
        window.open(signedUrl, "_blank", "noopener,noreferrer");
      } catch (error) {
        alert(`Presign refuse: ${error.message}`);
      }
    });

    if (!openBtn.disabled) {
      // Previsualisation opportuniste pour les objets autorises.
      callJson("/api/media/presign", {
        method: "POST",
        body: JSON.stringify({ objectKey })
      })
        .then((presign) => {
          img.src = presign.url;
        })
        .catch(() => {
          img.alt = "Previsualisation indisponible";
        });
    } else {
      img.alt = "Acces refuse (roles)";
    }

    card.appendChild(img);
    card.appendChild(keyP);
    card.appendChild(openBtn);
    gallery.appendChild(card);
  }
});