package service

import (
	"golang.org/x/crypto/bcrypt"
	"sghgogs.com/sghblog/authorization-service/domain/model/base"
	pb "sghgogs.com/sghblog/authorization-service/proto"
	"sghgogs.com/sghblog/common"
	"sghgogs.com/sghblog/common/errorcode"
)

// checkPasswordHash 验证用户输入的密码是否与存储的哈希值匹配
func checkPasswordHash(password, hash string) bool {
	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
	return err == nil
}
func (s *Service) AdminLogin(name, pwd string) (pb.AdminUser, error) {
	var user pb.AdminUser
	// 1.查询账号是否存在
	if exists, err := s.Repository.IsAdminUserExists(name); err != nil {
		return user, errorcode.New("authorization service", err.Error(), 500)
	} else {
		if !exists {
			return user, errorcode.New("authorization service", common.ErrorMessage[common.AccountDoesNotExist], 400)
		}
	}
	login, err := s.Repository.AdminLogin(name)
	// 3.查询用户信息
	if err != nil {
		return user, errorcode.New("authorization service", err.Error(), 500)
	}
	if !checkPasswordHash(pwd, login.Password) {
		return user, errorcode.BadRequest("authorization service", common.ErrorMessage[common.IncorrectPasswordErrorCode])
	}
	if login.Status == pb.StatusEnum_DELETED || login.Status == pb.StatusEnum_DISABLED {
		return user, errorcode.BadRequest("authorization service", common.ErrorMessage[common.AccountLockedErrorCode])
	}
	// checkPasswordHash
	adminUser := pb.AdminUser{
		Id:          login.ID,
		Username:    login.Username,
		PhoneNumber: login.PhoneNumber,
		Avatar:      login.Avatar,
		Email:       login.Email,
		Status:      login.Status,
		IsReserved:  login.IsReserved,
		CreatedAt:   ConvertTimeToInt64(login.CreatedAt),
		UpdatedAt:   ConvertTimeToInt64(*login.UpdatedAt),
		Roles:       base.RolesToProto(login),
		Teams:       base.TeamsToProto(login),
	}
	return adminUser, nil

}