<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Session;
use Symfony\Component\HttpFoundation\Response;

/**
 * Debuggt Session-Änderungen vor VerifyCsrfToken.
 *
 * Diese Middleware läuft direkt vor Illuminate\Foundation\Http\Middleware\VerifyCsrfToken
 * und überprüft, ob CSRF-Probleme die Session regenerieren.
 */
class CsrfDebugger
{
    /**
     * Handle an incoming request.
     *
     * @param  \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response)  $next
     */
    public function handle(Request $request, Closure $next): Response
    {
        // Session-ID vor CSRF-Token-Überprüfung überprüfen
        $sessionIdBeforeCsrf = Session::getId();
        $domainResolverSessionId = $request->attributes->get('domain_resolver_session_id');

        if (config('app.debug')) {
            \Log::channel('domain')->debug('CsrfDebugger: VOR VerifyCsrfToken', [
                'session_id_before_csrf' => $sessionIdBeforeCsrf,
                'domain_resolver_session_id' => $domainResolverSessionId,
                'session_consistent_with_domain_resolver' => $domainResolverSessionId === $sessionIdBeforeCsrf,
                'request_method' => $request->method(),
                'request_path' => $request->path(),
                'has_csrf_token' => $request->has('_token'),
                'csrf_token_in_session' => Session::has('_token'),
                'request_host' => $request->getHost(),
                'middleware_position' => 'Vor VerifyCsrfToken'
            ]);
        }

        // Request weiterleiten (VerifyCsrfToken läuft hier)
        $response = $next($request);

        // Session-ID nach CSRF-Token-Überprüfung vergleichen
        $sessionIdAfterCsrf = Session::getId();

        if (config('app.debug')) {
            \Log::channel('domain')->debug('CsrfDebugger: NACH VerifyCsrfToken', [
                'session_id_before_csrf' => $sessionIdBeforeCsrf,
                'session_id_after_csrf' => $sessionIdAfterCsrf,
                'session_changed_by_csrf' => $sessionIdBeforeCsrf !== $sessionIdAfterCsrf,
                'domain_resolver_session_id' => $domainResolverSessionId,
                'request_method' => $request->method(),
                'request_path' => $request->path(),
                'response_status' => $response->getStatusCode(),
                'request_host' => $request->getHost()
            ]);

            if ($sessionIdBeforeCsrf !== $sessionIdAfterCsrf) {
                \Log::channel('domain')->warning('🚨 CsrfDebugger: VerifyCsrfToken hat Session-ID geändert!', [
                    'session_id_before' => $sessionIdBeforeCsrf,
                    'session_id_after' => $sessionIdAfterCsrf,
                    'domain_resolver_session_id' => $domainResolverSessionId,
                    'request_method' => $request->method(),
                    'request_path' => $request->path(),
                    'has_csrf_token' => $request->has('_token'),
                    'response_status' => $response->getStatusCode(),
                    'request_host' => $request->getHost(),
                    'user_agent' => $request->userAgent(),
                    'possible_cause' => 'CSRF-Token fehlt oder ist ungültig'
                ]);
            }
        }

        return $response;
    }
}