//! HTTP-specific error types and response handling.
//!
//! Error types for login failures, OAuth issues, and web request processing.
//! Includes conversion to appropriate HTTP status codes and responses.

use axum::http::StatusCode;
use axum::response::IntoResponse;
use axum::response::Response;
use thiserror::Error;

/// Represents errors that can occur during user login and authentication.
///
/// These errors typically happen during the authentication process when users
/// are logging in to the application, including OAuth flows and DID validation.
#[derive(Debug, Error)]
pub(super) enum LoginError {
    /// Error when a DID document does not contain a handle.
    ///
    /// This error occurs during authentication when the user's DID document
    /// is retrieved but does not contain a required handle identifier.
    #[error("error-login-1 DID document does not contain a handle")]
    NoHandle,

    /// Error when a DID document does not contain a PDS endpoint.
    ///
    /// This error occurs during authentication when the user's DID document
    /// is retrieved but does not contain a required AT Protocol Personal
    /// Data Server (PDS) endpoint.
    #[error("error-login-2 DID document does not contain an AT Protocol PDS endpoint")]
    NoPDS,

    /// Error when an OAuth callback is incomplete.
    ///
    /// This error occurs when the OAuth authentication flow callback
    /// returns with incomplete information, preventing successful authentication.
    #[error("error-login-3 OAuth callback incomplete")]
    OAuthCallbackIncomplete,

    /// Error when there is an OAuth issuer mismatch.
    ///
    /// This error occurs when the issuer in the OAuth response does not
    /// match the expected issuer, which could indicate a security issue.
    #[error("error-login-4 OAuth issuer mismatch")]
    OAuthIssuerMismatch,
}

/// Represents all possible errors that can occur in the HTTP layer.
///
/// This enum serves as an aggregation point for all domain-specific errors
/// in the application, allowing them to be handled uniformly at the HTTP boundary.
///
/// Most variants use transparent error forwarding to preserve the original error message
/// and error code, while a few web-specific errors have their own error code format:
/// `error-web-<number> <message>: <details>`
#[derive(Debug, Error)]
pub(super) enum WebError {
    /// Error when an unexpected error occurs that isn't covered by other error types.
    ///
    /// This error is a fallback for any unhandled errors in the system. In production,
    /// these should be rare as most errors should be properly typed.
    #[error("error-web-1 Unhandled web error: {0:?}")]
    Anyhow(#[from] anyhow::Error),
}

/// Implementation of Axum's `IntoResponse` trait for WebError.
///
/// This implementation converts errors into appropriate HTTP responses:
/// - Authentication errors use their specialized response handling
/// - All other errors are converted to a generic 500 Internal Server Error
///   and logged with the `tracing` system.
impl IntoResponse for WebError {
    fn into_response(self) -> Response {
        {
            tracing::error!(error = ?self, "internal server error");
            (StatusCode::INTERNAL_SERVER_ERROR).into_response()
        }
    }
}