// TenerifeProp - API Client
const API_BASE = '/api';

class API {
  // Auth
  static async login(email, password) {
    try {
      const response = await fetch(`${API_BASE}/auth/login`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' },
        body: JSON.stringify({ email, password })
      });
      return response.json();
    } catch (error) {
      return { success: false, error: 'Error de conexión' };
    }
  }

  static async logout() {
    try {
      const response = await fetch(`${API_BASE}/auth/logout`, {
        method: 'POST',
        headers: { 'Content-Type': 'application/json' }
      });
      return response.json();
    } catch (error) {
      return { success: false, error: 'Error de conexión' };
    }
  }

  static async getMe() {
    try {
      const response = await fetch(`${API_BASE}/auth/me`);
      return response.json();
    } catch (error) {
      return { success: false, error: 'Error de conexión' };
    }
  }

  static async getCsrfToken() {
    try {
      const response = await fetch(`${API_BASE}/csrf-token`);
      return response.json();
    } catch (error) {
      return { success: false, error: 'Error de conexión' };
    }
  }

  // Properties
  static async getProperties(filters = {}) {
    const params = new URLSearchParams(filters);
    const response = await fetch(`${API_BASE}/properties?${params}`);
    return response.json();
  }

  static async getProperty(slug, lang = 'es') {
    const response = await fetch(`${API_BASE}/properties/${slug}?lang=${lang}`);
    return response.json();
  }

  static async getPropertyBySlug(slug, lang = 'es') {
    const response = await fetch(`${API_BASE}/properties/${slug}?lang=${lang}`);
    return response.json();
  }

  static async getFeaturedProperties(lang = 'es') {
    const response = await fetch(`${API_BASE}/properties/featured?lang=${lang}`);
    return response.json();
  }

  // Admin Properties
  static async createProperty(data) {
    const response = await fetch(`${API_BASE}/admin/properties`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async updateProperty(id, data) {
    const response = await fetch(`${API_BASE}/admin/properties/${id}`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async deleteProperty(id) {
    const response = await fetch(`${API_BASE}/admin/properties/${id}`, {
      method: 'DELETE'
    });
    return response.json();
  }

  // Leads
  static async createLead(data) {
    // Input validation
    if (!data.name || typeof data.name !== 'string' || data.name.trim().length < 2) {
      return { success: false, error: 'Name is required (min 2 characters)' }
    }
    // Proper email validation
    const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/
    if (!data.email || typeof data.email !== 'string' || !emailRegex.test(data.email)) {
      return { success: false, error: 'Valid email is required' }
    }
    // Sanitize inputs to prevent XSS
    const sanitize = (str) => str ? String(str).replace(/[<>]/g, '') : ''
    const sanitizedData = {
      name: sanitize(data.name),
      email: data.email,
      phone: sanitize(data.phone),
      message: sanitize(data.message),
      property_id: data.property_id,
      language: data.language
    }
    
    const response = await fetch(`${API_BASE}/leads`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(sanitizedData)
    });
    return response.json();
  }

  static async getLeads(filters = {}) {
    const params = new URLSearchParams(filters);
    const response = await fetch(`${API_BASE}/admin/leads?${params}`);
    return response.json();
  }

  static async updateLead(id, data) {
    const response = await fetch(`${API_BASE}/admin/leads/${id}`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async deleteLead(id) {
    const response = await fetch(`${API_BASE}/admin/leads/${id}`, {
      method: 'DELETE'
    });
    return response.json();
  }

  // Content
  static async getTestimonials(lang = 'es') {
    const response = await fetch(`${API_BASE}/testimonials?lang=${lang}`);
    return response.json();
  }

  static async createTestimonial(data) {
    const response = await fetch(`${API_BASE}/admin/testimonials`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async updateTestimonial(id, data) {
    const response = await fetch(`${API_BASE}/admin/testimonials/${id}`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async deleteTestimonial(id) {
    const response = await fetch(`${API_BASE}/admin/testimonials/${id}`, {
      method: 'DELETE'
    });
    return response.json();
  }

  static async getFAQ(lang = 'es') {
    const response = await fetch(`${API_BASE}/faq?lang=${lang}`);
    return response.json();
  }

  static async createFAQ(data) {
    const response = await fetch(`${API_BASE}/admin/faq`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async updateFAQ(id, data) {
    const response = await fetch(`${API_BASE}/admin/faq/${id}`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async deleteFAQ(id) {
    const response = await fetch(`${API_BASE}/admin/faq/${id}`, {
      method: 'DELETE'
    });
    return response.json();
  }

  static async getServices(lang = 'es') {
    const response = await fetch(`${API_BASE}/services?lang=${lang}`);
    return response.json();
  }

  static async createService(data) {
    const response = await fetch(`${API_BASE}/admin/services`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async updateService(id, data) {
    const response = await fetch(`${API_BASE}/admin/services/${id}`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  static async deleteService(id) {
    const response = await fetch(`${API_BASE}/admin/services/${id}`, {
      method: 'DELETE'
    });
    return response.json();
  }

  static async getSettings() {
    const response = await fetch(`${API_BASE}/settings`);
    return response.json();
  }

  static async updateSettings(data) {
    const response = await fetch(`${API_BASE}/admin/settings`, {
      method: 'PUT',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify(data)
    });
    return response.json();
  }

  // Admin Stats
  static async getAdminStats() {
    const response = await fetch(`${API_BASE}/admin/stats`);
    return response.json();
  }

  // Analytics
  static async trackEvent(type, data = {}) {
    let sessionId = localStorage.getItem('session_id');
    if (!sessionId) {
      // Fallback for non-secure contexts (HTTP)
      sessionId = crypto.randomUUID ? crypto.randomUUID() : 'session_' + Date.now() + '_' + Math.random().toString(36).substr(2, 9);
      localStorage.setItem('session_id', sessionId);
    }
    
    await fetch(`${API_BASE}/analytics/event`, {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({
        type,
        session_id: sessionId,
        ...data
      })
    });
  }

  // Cities
  static async getCities() {
    const response = await fetch(`${API_BASE}/cities`);
    return response.json();
  }
}

// Export for use
window.API = API;