use crate::http::errors::LoginError;

/// Validates and filters incoming login requests.
///
/// Accepts an optional subject string and validates it for AT Protocol login.
/// Returns Ok(None) for None or empty inputs, Ok(Some(trimmed)) for valid inputs,
/// or an error for incomplete AT-handles that need ".bsky.social" suffix.
pub(crate) fn validate_login_input(subject: Option<&str>) -> Result<Option<String>, LoginError> {
    let subject = match subject {
        None => return Ok(None),
        Some(s) if s.trim().is_empty() => return Ok(None),
        Some(s) => s.trim(),
    };

    // Check for valid prefixes (AT-handle, DID, or HTTPS URL)
    if subject.starts_with('@')
        || subject.starts_with("https://")
        || subject.starts_with("at://")
        || subject.starts_with("did:")
    {
        return Ok(Some(subject.to_string()));
    }

    // Check if it looks like an incomplete AT-handle (alphanumeric with no dots)
    if subject.chars().all(|c| c.is_alphanumeric()) && !subject.contains('.') {
        return Err(LoginError::IncompleteHandle);
    }

    // For any other format, assume it's valid and let the resolver handle it
    Ok(Some(subject.to_string()))
}