import { Router, Request, Response } from 'express';
import multer from 'multer';
import {
  parseCertificate,
  decodePfx,
  matchKeyToCert,
  parseCsr,
  verifyChain,
} from '../services/certService';

const router = Router();
const upload = multer({
  storage: multer.memoryStorage(),
  limits: { fileSize: 10 * 1024 * 1024 },
});

router.post('/decode/pfx', upload.single('file'), (req: Request, res: Response) => {
  try {
    if (!req.file) {
      res.status(400).json({ error: 'No file uploaded' });
      return;
    }
    const password = req.body.password || '';
    const result = decodePfx(req.file.buffer, password);
    res.json(result);
  } catch (e: any) {
    const message = e.message?.includes('Invalid password')
      ? 'Invalid password or corrupted PFX file'
      : e.message || 'Failed to decode PFX file';
    res.status(400).json({ error: message });
  }
});

router.post('/decode/pem', (req: Request, res: Response) => {
  try {
    const { pem } = req.body;
    if (!pem) {
      res.status(400).json({ error: 'No PEM data provided' });
      return;
    }

    const pemRegex = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;
    const pems = pem.match(pemRegex) || [];

    if (pems.length === 0) {
      res.status(400).json({ error: 'No valid PEM certificates found in the input' });
      return;
    }

    const certificates = pems.map((p: string) => parseCertificate(p));
    res.json({ certificates });
  } catch (e: any) {
    res.status(400).json({ error: e.message || 'Failed to decode PEM' });
  }
});

router.post('/match', (req: Request, res: Response) => {
  try {
    const { certificate, privateKey } = req.body;
    if (!certificate || !privateKey) {
      res.status(400).json({ error: 'Both certificate and private key are required' });
      return;
    }
    const result = matchKeyToCert(certificate, privateKey);
    res.json(result);
  } catch (e: any) {
    res.status(400).json({ error: e.message || 'Failed to compare key and certificate' });
  }
});

router.post('/decode/csr', (req: Request, res: Response) => {
  try {
    const { pem } = req.body;
    if (!pem) {
      res.status(400).json({ error: 'No CSR data provided' });
      return;
    }
    const result = parseCsr(pem);
    res.json(result);
  } catch (e: any) {
    res.status(400).json({ error: e.message || 'Failed to decode CSR' });
  }
});

router.post('/chain/verify', (req: Request, res: Response) => {
  try {
    const { pem } = req.body;
    if (!pem) {
      res.status(400).json({ error: 'No certificate chain provided' });
      return;
    }
    const result = verifyChain(pem);
    res.json(result);
  } catch (e: any) {
    res.status(400).json({ error: e.message || 'Failed to verify chain' });
  }
});

export default router;