# ============================================================
# Lambda Layer (shared dependencies)
# ============================================================
resource "aws_lambda_layer_version" "deps" {
  filename            = "${path.module}/../lambdas/layer.zip"
  layer_name          = "${local.prefix}-deps"
  compatible_runtimes = ["python3.12"]
  source_code_hash    = filebase64sha256("${path.module}/../lambdas/layer.zip")
}

# ============================================================
# IAM Role for Lambdas
# ============================================================
resource "aws_iam_role" "lambda" {
  name = "${local.prefix}-lambda-role"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Action = "sts:AssumeRole"
      Effect = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
    }]
  })
}

resource "aws_iam_role_policy" "lambda" {
  name = "${local.prefix}-lambda-policy"
  role = aws_iam_role.lambda.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Effect   = "Allow"
        Action   = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
        Resource = "arn:aws:logs:*:*:*"
      },
      {
        Effect   = "Allow"
        Action   = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
        Resource = "${aws_s3_bucket.media.arn}/*"
      },
      {
        Effect   = "Allow"
        Action   = ["dynamodb:GetItem", "dynamodb:PutItem", "dynamodb:UpdateItem", "dynamodb:Scan"]
        Resource = [aws_dynamodb_table.users.arn, aws_dynamodb_table.jobs.arn]
      },
      {
        Effect   = "Allow"
        Action   = ["transcribe:StartTranscriptionJob", "transcribe:GetTranscriptionJob"]
        Resource = "*"
      },
      {
        Effect   = "Allow"
        Action   = ["ssm:GetParameter", "ssm:GetParameters"]
        Resource = "arn:aws:ssm:${var.aws_region}:*:parameter/${local.prefix}/*"
      },
      {
        Effect   = "Allow"
        Action   = ["states:StartExecution"]
        Resource = aws_sfn_state_machine.pipeline.arn
      },
    ]
  })
}

# ============================================================
# Lambda Functions
# ============================================================
locals {
  lambda_env = {
    PROJECT     = local.prefix
    S3_BUCKET   = aws_s3_bucket.media.id
    USERS_TABLE = aws_dynamodb_table.users.name
    JOBS_TABLE  = aws_dynamodb_table.jobs.name
    SSM_PREFIX  = "/${local.prefix}"
  }
}

resource "aws_lambda_function" "submit" {
  filename         = "${path.module}/../lambdas/submit.zip"
  function_name    = "${local.prefix}-submit"
  role             = aws_iam_role.lambda.arn
  handler          = "submit.handler"
  runtime          = "python3.12"
  timeout          = 30
  source_code_hash = filebase64sha256("${path.module}/../lambdas/submit.zip")
  layers           = [aws_lambda_layer_version.deps.arn]
  environment {
    variables = merge(local.lambda_env, {
      STATE_MACHINE = aws_sfn_state_machine.pipeline.arn
    })
  }
}

resource "aws_lambda_function" "download" {
  filename         = "${path.module}/../lambdas/download.zip"
  function_name    = "${local.prefix}-download"
  role             = aws_iam_role.lambda.arn
  handler          = "download.handler"
  runtime          = "python3.12"
  timeout          = 900
  memory_size      = 1024
  source_code_hash = filebase64sha256("${path.module}/../lambdas/download.zip")
  layers           = [aws_lambda_layer_version.deps.arn]
  environment { variables = local.lambda_env }
}

resource "aws_lambda_function" "transcribe" {
  filename         = "${path.module}/../lambdas/transcribe_start.zip"
  function_name    = "${local.prefix}-transcribe"
  role             = aws_iam_role.lambda.arn
  handler          = "transcribe_start.handler"
  runtime          = "python3.12"
  timeout          = 60
  source_code_hash = filebase64sha256("${path.module}/../lambdas/transcribe_start.zip")
  environment { variables = local.lambda_env }
}

resource "aws_lambda_function" "check" {
  filename         = "${path.module}/../lambdas/transcribe_check.zip"
  function_name    = "${local.prefix}-check"
  role             = aws_iam_role.lambda.arn
  handler          = "transcribe_check.handler"
  runtime          = "python3.12"
  timeout          = 60
  source_code_hash = filebase64sha256("${path.module}/../lambdas/transcribe_check.zip")
  environment { variables = local.lambda_env }
}

resource "aws_lambda_function" "summarize" {
  filename         = "${path.module}/../lambdas/summarize.zip"
  function_name    = "${local.prefix}-summarize"
  role             = aws_iam_role.lambda.arn
  handler          = "summarize.handler"
  runtime          = "python3.12"
  timeout          = 900
  memory_size      = 512
  source_code_hash = filebase64sha256("${path.module}/../lambdas/summarize.zip")
  layers           = [aws_lambda_layer_version.deps.arn]
  environment { variables = local.lambda_env }
}

resource "aws_lambda_function" "notify" {
  filename         = "${path.module}/../lambdas/notify.zip"
  function_name    = "${local.prefix}-notify"
  role             = aws_iam_role.lambda.arn
  handler          = "notify.handler"
  runtime          = "python3.12"
  timeout          = 60
  source_code_hash = filebase64sha256("${path.module}/../lambdas/notify.zip")
  environment { variables = local.lambda_env }
}