<?php

namespace App\Jobs;

use App\Models\SystemTask;
use Illuminate\Bus\Queueable;
use Illuminate\Contracts\Queue\ShouldQueue;
use Illuminate\Support\Facades\Artisan;
use Illuminate\Foundation\Bus\Dispatchable;
use Illuminate\Queue\InteractsWithQueue;
use Illuminate\Queue\SerializesModels;
use Illuminate\Support\Facades\Cache;

class ProvisionCertJob implements ShouldQueue
{
    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;

    public function __construct(
        public string $domain,
        public ?string $email,
        public string $taskKey,
        public bool $useLetsEncrypt // true => LE, false => self-signed
    ) {}

    /** NEU: DB→Redis spiegeln (fehler-tolerant) */
    private function syncCache(SystemTask $task, int $ttlMinutes = 30): void
    {
        try {
            Cache::store('redis')->put($task->key, [
                'type'    => $task->type,
                'status'  => $task->status,
                'message' => $task->message,
                'payload' => $task->payload ?? ['domain' => $this->domain],
            ], now()->addMinutes($ttlMinutes));
        } catch (\Throwable $e) {
            // Redis down? Ignorieren – der Banner würde dann einfach nichts finden.
        }
    }

    public function handle(): void
    {
        $task = SystemTask::where('key', $this->taskKey)->first();
        if (!$task) return;

        // running
        $task->update(['status' => 'running', 'message' => 'Starte Zertifikat-Provisionierung…']);
        $this->syncCache($task);

        if ($this->useLetsEncrypt) {
            $task->update(['message' => 'Let’s Encrypt wird ausgeführt…']);
            $this->syncCache($task);

            $exit = Artisan::call('mailwolt:provision-cert', [
                'domain'  => $this->domain,
                '--email' => $this->email ?? '',
            ]);

            if ($exit !== 0) {
                $out = trim(Artisan::output());
                $task->update(['message' => 'LE fehlgeschlagen: '.($out ?: 'Unbekannter Fehler – Fallback auf Self-Signed…')]);
                $this->syncCache($task);

                // Fallback: Self-Signed
                $exit = Artisan::call('mailwolt:provision-cert', [
                    'domain'        => $this->domain,
                    '--self-signed' => true,
                ]);
            }
        } else {
            $task->update(['message' => 'Self-Signed wird erstellt…']);
            $this->syncCache($task);

            $exit = Artisan::call('mailwolt:provision-cert', [
                'domain'        => $this->domain,
                '--self-signed' => true,
            ]);
        }

        $out = trim(Artisan::output());

        if ($exit === 0) {
            $task->update(['status' => 'done', 'message' => 'Zertifikat aktiv. '.$out]);
            $this->syncCache($task, 10);
        } else {
            $task->update(['status' => 'failed', 'message' => $out ?: 'Zertifikatserstellung fehlgeschlagen.']);
            $this->syncCache($task, 30);
        }
    }


//    public function handle(): void
//    {
//        $task = SystemTask::where('key', $this->taskKey)->first();
//        if (!$task) return;
//
//        $task->update(['status' => 'running', 'message' => 'Starte Zertifikat-Provisionierung…']);
//
//        if ($this->useLetsEncrypt) {
//            $task->update(['message' => 'Let’s Encrypt wird ausgeführt…']);
//            $exit = Artisan::call('mailwolt:provision-cert', [
//                'domain' => $this->domain,
//                '--email' => $this->email ?? '',
//            ]);
//
//            if ($exit !== 0) {
//                $out = trim(Artisan::output());
//                $task->update(['message' => 'LE fehlgeschlagen: '.($out ?: 'Unbekannter Fehler – Fallback auf Self-Signed…')]);
//
//                // Fallback: Self-Signed
//                $exit = Artisan::call('mailwolt:provision-cert', [
//                    'domain' => $this->domain,
//                    '--self-signed' => true,
//                ]);
//            }
//        } else {
//            $task->update(['message' => 'Self-Signed wird erstellt…']);
//            $exit = Artisan::call('mailwolt:provision-cert', [
//                'domain' => $this->domain,
//                '--self-signed' => true,
//            ]);
//        }
//
//        $out = trim(Artisan::output());
//        if ($exit === 0) {
//            $task->update(['status' => 'done', 'message' => 'Zertifikat aktiv. '.$out]);
//        } else {
//            $task->update(['status' => 'failed', 'message' => $out ?: 'Zertifikatserstellung fehlgeschlagen.']);
//        }
//    }
}