import axios from "axios";
import { clearAuthClientState, getCsrfToken } from "./auth";

function looksLikeHtml(value: string) {
  return /<\s*html\b|<\s*body\b|<\s*head\b|<\s*title\b|<\s*!doctype\b/i.test(value);
}

function sanitizeServerMessage(value: string, fallback: string) {
  const text = value.trim();
  if (!text) return fallback;
  if (looksLikeHtml(text)) return fallback;
  return text.length > 300 ? `${text.slice(0, 297).trimEnd()}...` : text;
}

export function getApiErrorMessage(error: any, fallback = "Request failed.") {
  const data = error?.response?.data;
  if (typeof data === "string" && data.trim()) return sanitizeServerMessage(data, fallback);
  if (typeof data?.message === "string" && data.message.trim()) return sanitizeServerMessage(data.message, fallback);
  if (typeof data?.detail === "string" && data.detail.trim()) return sanitizeServerMessage(data.detail, fallback);
  if (typeof data?.title === "string" && data.title.trim()) return sanitizeServerMessage(data.title, fallback);
  if (Array.isArray(data?.errors)) {
    const first = data.errors.find((value: unknown) => typeof value === "string" && value.trim());
    if (first) return sanitizeServerMessage(first, fallback);
  }
  if (data?.errors && typeof data.errors === "object") {
    for (const value of Object.values(data.errors)) {
      if (Array.isArray(value)) {
        const first = value.find((item: unknown) => typeof item === "string" && item.trim());
        if (first) return sanitizeServerMessage(first, fallback);
      }
      if (typeof value === "string" && value.trim()) return sanitizeServerMessage(value, fallback);
    }
  }
  if (typeof error?.message === "string" && error.message.trim()) return sanitizeServerMessage(error.message, fallback);
  return fallback;
}

const envBaseUrl = process.env.REACT_APP_API_BASE_URL;
const defaultBaseUrl =
  window.location.hostname === "localhost"
    ? "http://localhost:5202/api"
    : "/api";

export const api = axios.create({
  baseURL: envBaseUrl && envBaseUrl.trim().length > 0 ? envBaseUrl : defaultBaseUrl,
  withCredentials: true,
  xsrfCookieName: "XSRF-TOKEN",
  xsrfHeaderName: "X-CSRF-TOKEN",
});

api.interceptors.request.use((config) => {
  const method = (config.method ?? "get").toUpperCase();
  if (["POST", "PUT", "PATCH", "DELETE"].includes(method)) {
    const csrfToken = getCsrfToken();
    if (csrfToken) {
      config.headers = config.headers ?? {};
      config.headers["X-CSRF-TOKEN"] = csrfToken;
    }
  }
  return config;
});

api.interceptors.response.use(
  (r) => r,
  (err) => {
    const status = err?.response?.status;
    if (status === 401) {
      clearAuthClientState();
    }
    return Promise.reject(err);
  },
);