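package service

import (
	"context"
	"fmt"
	"time"

	"github.com/pkg/errors"
	"gorm.io/gorm"

	"sghgogs.com/sghblog/authorization-service/domain/model/base"
	req "sghgogs.com/sghblog/authorization-service/domain/model/request"
	pb "sghgogs.com/sghblog/authorization-service/proto"
	"sghgogs.com/sghblog/authorization-service/utils/authutil"
	"sghgogs.com/sghblog/common"
	"sghgogs.com/sghblog/common/errorcode"
)

// Review notes that apply to every method in this file:
//
// NOTE(review): repository failures are reported with err.Error() as the
// message of the returned error. If that message can reach API clients it may
// disclose database or schema details; consider logging the original error
// server-side and returning a generic message instead.
//
// NOTE(review): no caller authorization check is visible at this layer;
// presumably it is enforced before these methods are reached. Confirm,
// because these methods create, change and delete admin roles.

// GetAdminRole returns the admin role identified by roleId, with its users and
// permissions converted to their proto forms.
//
// It returns an error with code 400 when the repository reports that the role
// does not exist, and an error with code 500 when a repository call fails.
func (s *Service) GetAdminRole(roleId int64) (*pb.AdminRole, error) {
	exists, err := s.Repository.IsAdminRoleExists(roleId)
	if err != nil {
		return nil, errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return nil, errorcode.New("authorization service", common.ErrorMessage[common.InvalidRoleID], 400)
	}

	role, err := s.Repository.GetAdminRole(roleId)
	if err != nil {
		return nil, errorcode.New("authorization service", err.Error(), 500)
	}

	rsp := &pb.AdminRole{
		Id:          role.ID,
		Name:        role.Name,
		Description: role.Description,
		Users:       base.UsersToProto(role.Users),
		Permissions: base.PermissionsToProto(role.Permissions),
		CreatedBy:   role.CreatedBy,
		CreatedAt:   ConvertTimeToInt64(role.CreatedAt),
		Status:      role.Status,
		IsReserved:  role.IsReserved,
	}
	// UpdatedAt is a pointer and CreateAdminRole stores it as nil, so a role
	// that has never been updated must not be dereferenced here. The proto
	// field keeps its zero value in that case.
	if role.UpdatedAt != nil {
		rsp.UpdatedAt = ConvertTimeToInt64(*role.UpdatedAt)
	}
	return rsp, nil
}

// CreateAdminRole stores a new, enabled, non-reserved admin role built from
// the request, together with the requested users and permissions.
//
// The creator is taken from the second value returned by ParseMetadata(ctx).
// A repository failure is returned as an error with code 500.
func (s *Service) CreateAdminRole(ctx context.Context, role *pb.CreateAdminRoleRequest) error {
	// NOTE(review): the other three values returned by ParseMetadata are
	// discarded. If one of them is an error, createdBy may be empty and the
	// role would be stored without an attributable creator; confirm.
	_, createdBy, _, _ := ParseMetadata(ctx)

	adminRole := &req.AdminRole{
		Name:        role.Name,
		Description: role.Description,
		CreatedBy:   createdBy,
		CreatedAt:   time.Now(),
		Status:      pb.StatusEnum_ENABLED,
		IsReserved:  false,
		UpdatedAt:   nil, // never updated yet; readers must handle nil
	}
	if err := s.Repository.CreateAdminRole(adminRole, role.Users, role.Permissions); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}

// ListAdminRoles returns the admin roles matching query and the count reported
// by the repository.
//
// A gorm.ErrRecordNotFound from the repository is treated as an empty result
// (empty slice, count 0, nil error); any other repository failure is returned
// as an error with code 500.
func (s *Service) ListAdminRoles(query *pb.ListAdminRolesRequest) ([]*pb.AdminRole, int64, error) {
	items := make([]*pb.AdminRole, 0)

	roles, count, err := s.Repository.ListAdminRoles(query)
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return items, 0, nil
		}
		return items, 0, errorcode.New("authorization service", err.Error(), 500)
	}

	for _, role := range roles {
		var item *pb.AdminRole
		// NOTE(review): any result of common.SwapTo is ignored. If it can
		// fail and leave item nil, the assignments below would panic; confirm
		// its contract.
		common.SwapTo(role, &item)

		// UpdatedAt is nil for roles that have never been updated (see
		// CreateAdminRole); report 0 rather than dereferencing nil.
		if role.UpdatedAt != nil {
			item.UpdatedAt = ConvertTimeToInt64(*role.UpdatedAt)
		} else {
			item.UpdatedAt = 0
		}
		item.CreatedAt = ConvertTimeToInt64(role.CreatedAt)
		item.Users = base.UsersToProto(role.Users)
		item.Status = role.Status
		item.Permissions = base.PermissionsToProto(role.Permissions)
		items = append(items, item)
	}
	return items, count, nil
}

// UpdateAdminRole applies the update request to an existing admin role while
// holding a mutex keyed on the role ID.
//
// It returns the lock error unchanged when the mutex cannot be acquired, an
// error with code 400 when the role does not exist, and an error with code 500
// when a repository call fails.
func (s *Service) UpdateAdminRole(role *pb.UpdateAdminRoleRequest) error {
	// Use the role ID as the lock key.
	// NOTE(review): the key is specific to this operation ("update_..."),
	// while DeleteAdminRole and ToggleAdminRole use their own prefixes, so the
	// three mutators do not exclude each other for the same role and the
	// existence check below can go stale. Consider one shared per-role key.
	lockKey := fmt.Sprintf("update_admin_role_%d", role.RoleId)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)

	// Acquire the lock so the check and the update run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	exists, err := s.Repository.IsAdminRoleExists(role.RoleId)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.InvalidRoleID], 400)
	}

	if err := s.Repository.UpdateAdminRole(role); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}

// RetrieveEnabledRoles returns the ID, name and description of every role the
// repository reports as enabled.
//
// A gorm.ErrRecordNotFound from the repository is treated as an empty result;
// any other repository failure is returned as an error with code 500.
func (s *Service) RetrieveEnabledRoles() ([]*pb.AdminRole, error) {
	roles := make([]*pb.AdminRole, 0)

	enabledRoles, err := s.Repository.RetrieveEnabledRoles()
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return roles, nil
		}
		return roles, errorcode.New("authorization service", err.Error(), 500)
	}

	for _, role := range enabledRoles {
		roles = append(roles, &pb.AdminRole{
			Id:          role.ID,
			Name:        role.Name,
			Description: role.Description,
		})
	}
	return roles, nil
}

// DeleteAdminRole deletes an existing admin role while holding a mutex keyed
// on the role ID.
//
// It returns the lock error unchanged when the mutex cannot be acquired, an
// error with code 400 when the role does not exist, and an error with code 500
// when a repository call fails.
func (s *Service) DeleteAdminRole(roleId int64) error {
	// Use the role ID as the lock key.
	// NOTE(review): this key ("delete_...") differs from the ones used by
	// UpdateAdminRole and ToggleAdminRole, so a delete can run concurrently
	// with an update or toggle of the same role. Consider one shared per-role
	// key.
	lockKey := fmt.Sprintf("delete_admin_role_%d", roleId)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)

	// Acquire the lock so the check and the delete run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	// 1. Check whether the role exists.
	exists, err := s.Repository.IsAdminRoleExists(roleId)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.InvalidRoleID], 400)
	}

	// Permanently delete the role.
	if err := s.Repository.DeleteAdminRole(roleId); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}

// ToggleAdminRole passes the toggle request for an existing admin role to the
// repository while holding a mutex keyed on the role ID.
//
// It returns the lock error unchanged when the mutex cannot be acquired, an
// error with code 400 when the role does not exist, and an error with code 500
// when a repository call fails.
func (s *Service) ToggleAdminRole(role *pb.ToggleAdminRoleRequest) error {
	// Use the role ID as the lock key.
	// NOTE(review): this key ("toggle_...") differs from the ones used by
	// UpdateAdminRole and DeleteAdminRole, so a toggle can run concurrently
	// with an update or delete of the same role. Consider one shared per-role
	// key.
	lockKey := fmt.Sprintf("toggle_admin_role_%d", role.RoleId)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)

	// Acquire the lock so the check and the toggle run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	// 1. Check whether the role exists.
	exists, err := s.Repository.IsAdminRoleExists(role.RoleId)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.InvalidRoleID], 400)
	}

	if err := s.Repository.ToggleAdminRole(role); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}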