// Copyright (c) 2026 Gordon Bolton. MIT License.
const express = require('express');
const axios = require('axios');
const router = express.Router();
const requireAuth = require('../middleware/requireAuth');
const sanitizeError = require('../utils/sanitizeError');

/**
 * @openapi
 * /api/emby/sessions:
 *   get:
 *     tags: [Emby]
 *     summary: Get active Emby sessions
 *     description: Proxy to Emby's sessions endpoint. Requires authentication.
 *     security:
 *       - CookieAuth: []
 *     responses:
 *       '200':
 *         description: Sessions data from Emby
 *         content:
 *           application/json:
 *             schema:
 *               type: array
 */
router.use(requireAuth);

// GET /api/emby/sessions - list active Emby sessions
router.get('/sessions', async (req, res) => {
  try {
    const response = await axios.get(`${process.env.EMBY_URL}/Sessions`, {
      headers: { 'X-MediaBrowser-Token': process.env.EMBY_API_KEY }
    });
    res.json(response.data);
  } catch (error) {
    res.status(500).json({ error: 'Failed to fetch Emby sessions', details: sanitizeError(error) });
  }
});

/**
 * @openapi
 * /api/emby/users:
 *   get:
 *     tags: [Emby]
 *     summary: Get all Emby users
 *     description: Proxy to Emby's users list endpoint. Requires authentication.
 *     security:
 *       - CookieAuth: []
 *     responses:
 *       '200':
 *         description: Users list from Emby
 *         content:
 *           application/json:
 *             schema:
 *               type: array
 */
// GET /api/emby/users - list all users
router.get('/users', async (req, res) => {
  try {
    const response = await axios.get(`${process.env.EMBY_URL}/Users`, {
      headers: { 'X-MediaBrowser-Token': process.env.EMBY_API_KEY }
    });
    res.json(response.data);
  } catch (error) {
    res.status(500).json({ error: 'Failed to fetch users', details: sanitizeError(error) });
  }
});

/**
 * @openapi
 * /api/emby/session/{sessionId}/user:
 *   get:
 *     tags: [Emby]
 *     summary: Get user from session
 *     description: Get user details for a specific session ID. Requires authentication.
 *     security:
 *       - CookieAuth: []
 *     parameters:
 *       - name: sessionId
 *         in: path
 *         required: true
 *         schema:
 *           type: string
 *         description: Emby session ID
 *     responses:
 *       '200':
 *         description: User data from Emby
 *         content:
 *           application/json:
 *             schema:
 *               type: object
 *       '404':
 *         description: Session not found
 *         content:
 *           application/json:
 *             schema:
 *               $ref: '#/components/schemas/ErrorResponse'
 */
// GET /api/emby/session/:sessionId/user - get user for a specific session
router.get('/session/:sessionId/user', async (req, res) => {
  try {
    const response = await axios.get(`${process.env.EMBY_URL}/Sessions`, {
      headers: { 'X-MediaBrowser-Token': process.env.EMBY_API_KEY }
    });
    
    const session = response.data.find(s => s.Id === req.params.sessionId);
    if (!session) {
      return res.status(404).json({ error: 'Session not found' });
    }
    
    const userResponse = await axios.get(`${process.env.EMBY_URL}/Users/${session.UserId}`, {
      headers: { 'X-MediaBrowser-Token': process.env.EMBY_API_KEY }
    });
    
    res.json(userResponse.data);
  } catch (error) {
    res.status(500).json({ error: 'Failed to fetch user from session', details: sanitizeError(error) });
  }
});

module.exports = router;