<?php

declare(strict_types=1);

namespace App\Http\Requests\Manage;

use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\DB;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

final class ManageArtworkUpdateRequest extends FormRequest
{
    private ?object $artwork = null;

    public function authorize(): bool
    {
        $user = $this->user();
        if (! $user) {
            $this->logUnauthorized('missing_user');
            $this->denyAsNotFound();
        }

        $id = (int) $this->route('id');
        if ($id <= 0) {
            $this->logUnauthorized('missing_artwork_id');
            $this->denyAsNotFound();
        }

        $artwork = DB::table('artworks')->where('id', $id)->first();
        if (! $artwork || (int) $artwork->user_id !== (int) $user->id) {
            $this->logUnauthorized('artwork_not_owned_or_missing');
            $this->denyAsNotFound();
        }

        $this->artwork = $artwork;

        return true;
    }

    public function rules(): array
    {
        return [
            'name' => 'required|string|max:255',
            'section' => 'nullable|integer',
            'description' => 'nullable|string',
            'artwork' => 'nullable|file|image',
            'attachment' => 'nullable|file',
        ];
    }

    public function artwork(): object
    {
        if (! $this->artwork) {
            $this->denyAsNotFound();
        }

        return $this->artwork;
    }

    private function denyAsNotFound(): void
    {
        throw new NotFoundHttpException();
    }

    private function logUnauthorized(string $reason): void
    {
        logger()->warning('Manage artwork update unauthorized access', [
            'reason' => $reason,
            'artwork_id' => $this->route('id'),
            'user_id' => $this->user()?->id,
            'ip' => $this->ip(),
        ]);
    }
}