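package service

import (
	"context"
	"fmt"
	"time"

	"github.com/pkg/errors"
	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"

	"sghgogs.com/sghblog/authorization-service/domain/model/base"
	req "sghgogs.com/sghblog/authorization-service/domain/model/request"
	pb "sghgogs.com/sghblog/authorization-service/proto"
	"sghgogs.com/sghblog/authorization-service/utils/authutil"
	"sghgogs.com/sghblog/common"
	"sghgogs.com/sghblog/common/errorcode"
)

// GetAdminUser loads one admin user by ID and converts it to its protobuf form.
//
// It returns a 400 error code when the account does not exist and a 500 error
// code when the repository fails. On error the returned *pb.AdminUser is a
// non-nil zero value, which callers may rely on.
//
// NOTE(review): the 500 responses in this file forward err.Error() from the
// repository verbatim. If these messages reach an API client they may disclose
// storage details (table/column names, driver text); consider logging the raw
// error server-side and returning a generic message. Confirm against the
// transport layer before changing.
func (s *Service) GetAdminUser(userId int64) (*pb.AdminUser, error) {
	var rsp pb.AdminUser

	exists, err := s.Repository.IsAdminUserExists(userId)
	if err != nil {
		return &rsp, errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return &rsp, errorcode.New("authorization service", common.ErrorMessage[common.AccountDoesNotExist], 400)
	}

	user, err := s.Repository.GetAdminUser(userId)
	if err != nil {
		return &rsp, errorcode.New("authorization service", err.Error(), 500)
	}

	var objUser pb.AdminUser
	common.SwapTo(user, &objUser)
	objUser.CreatedAt = ConvertTimeToInt64(user.CreatedAt)
	// UpdatedAt is a pointer and CreateAdminUser stores nil for it, so a user
	// that was never updated must not be dereferenced here. The protobuf field
	// keeps its zero value in that case.
	if user.UpdatedAt != nil {
		objUser.UpdatedAt = ConvertTimeToInt64(*user.UpdatedAt)
	}
	objUser.Teams = base.TeamsToProto(user)
	objUser.Roles = base.RolesToProto(user)
	objUser.Status = user.Status
	return &objUser, nil
}

// ListAdminUsers returns the admin users matching query together with the
// total count reported by the repository.
//
// A gorm.ErrRecordNotFound from the repository is treated as an empty result,
// not as an error. Any other repository error is returned unwrapped.
func (s *Service) ListAdminUsers(query *pb.ListAdminUsersRequest) ([]*pb.AdminUser, int64, error) {
	adminUsers, totalCount, err := s.Repository.ListAdminUsers(query)
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			// No matching records: report an empty list instead of failing.
			return make([]*pb.AdminUser, 0), 0, nil
		}
		return make([]*pb.AdminUser, 0), 0, err
	}

	users := make([]*pb.AdminUser, 0, len(adminUsers))
	for _, item := range adminUsers {
		// Allocate the target up front (as GetAdminUser does) so the field
		// assignments below never write through a nil pointer if SwapTo
		// leaves its destination untouched.
		user := &pb.AdminUser{}
		common.SwapTo(item, user)
		user.CreatedAt = ConvertTimeToInt64(item.CreatedAt)
		// UpdatedAt is nil for users that were never updated.
		if item.UpdatedAt != nil {
			user.UpdatedAt = ConvertTimeToInt64(*item.UpdatedAt)
		}
		user.Roles = base.RolesToProto(item)
		user.Teams = base.TeamsToProto(item)
		users = append(users, user)
	}
	return users, totalCount, nil
}

// RetrieveEnabledUsers returns the ID and username of every enabled admin
// user. Only those two fields are populated, so no password hash or contact
// data leaves this function.
//
// A gorm.ErrRecordNotFound is treated as an empty result; other repository
// errors are returned with a 500 error code.
func (s *Service) RetrieveEnabledUsers() ([]*pb.AdminUser, error) {
	users := make([]*pb.AdminUser, 0)

	enabledUsers, err := s.Repository.RetrieveEnabledUsers()
	if err != nil {
		if errors.Is(err, gorm.ErrRecordNotFound) {
			return users, nil
		}
		return users, errorcode.New("authorization service", err.Error(), 500)
	}

	for _, user := range enabledUsers {
		users = append(users, &pb.AdminUser{
			Id:       user.ID,
			Username: user.Username,
		})
	}
	return users, nil
}

// hashPassword hashes password with bcrypt at bcrypt.DefaultCost and returns
// the encoded hash as a string.
//
// bcrypt only uses the first 72 bytes of its input; depending on the
// golang.org/x/crypto version, longer input is either truncated or rejected
// with an error, so callers must check the returned error.
func hashPassword(password string) (string, error) {
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", err
	}
	return string(hash), nil
}

// CreateAdminUser creates a new, enabled, non-reserved admin user with the
// given roles and teams. The plaintext password from the request is hashed
// before it is handed to the repository.
//
// It returns a 500 error code when hashing fails and a 400 error code when
// the repository rejects the record.
func (s *Service) CreateAdminUser(adminUser *pb.CreateAdminUserRequest) error {
	nowTime := time.Now()

	// A hashing failure must abort the request: ignoring it would persist an
	// empty string in the password column instead of a bcrypt hash.
	password, err := hashPassword(adminUser.Password)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}

	user := req.AdminUser{
		Username:    adminUser.Username,
		Password:    password,
		PhoneNumber: adminUser.PhoneNumber,
		Email:       adminUser.Email,
		Avatar:      adminUser.Avatar,
		Status:      pb.StatusEnum_ENABLED,
		IsReserved:  false,
		CreatedAt:   nowTime,
		UpdatedAt:   nil, // set on first update; readers must handle nil
	}
	if err := s.Repository.CreateAdminUser(&user, adminUser.Roles, adminUser.Teams); err != nil {
		return errorcode.New("authorization service", err.Error(), 400)
	}
	return nil
}

// UpdateAdminUser updates an existing admin user while holding a per-user
// mutex keyed on the user ID.
//
// It returns the raw lock error if the mutex cannot be acquired, a 400 error
// code when the account does not exist, and a 500 error code on repository
// failure.
//
// NOTE(review): update, delete and toggle each use a different key prefix, so
// they do not exclude one another for the same user ID (an update can run
// concurrently with a delete). If mutual exclusion across operations is
// intended, a shared per-user key is needed — confirm the intent.
func (s *Service) UpdateAdminUser(adminUser *pb.UpdateAdminUserRequest) error {
	// The user ID forms the lock key.
	lockKey := fmt.Sprintf("update_admin_user_%d", adminUser.Id)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)
	// Hold the lock so the existence check and the update run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	exists, err := s.Repository.IsAdminUserExists(adminUser.Id)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.AccountDoesNotExist], 400)
	}

	if err := s.Repository.UpdateAdminUser(adminUser); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}

// DeleteAdminUser deletes an admin user by ID while holding a per-user mutex.
// The ctx parameter is accepted for interface compatibility and is not used
// by this implementation.
//
// It returns the raw lock error if the mutex cannot be acquired, a 400 error
// code when the account does not exist, and a 500 error code on repository
// failure.
func (s *Service) DeleteAdminUser(ctx context.Context, userID int64) error {
	// The user ID forms the lock key.
	lockKey := fmt.Sprintf("delete_admin_user_%d", userID)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)
	// Hold the lock so the existence check and the delete run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	exists, err := s.Repository.IsAdminUserExists(userID)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.AccountDoesNotExist], 400)
	}

	if err := s.Repository.DeleteAdminUser(userID); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}

// ToggleAdminUser passes a toggle request for an admin user to the repository
// while holding a per-user mutex.
//
// It returns the raw lock error if the mutex cannot be acquired, a 400 error
// code when the account does not exist, and a 500 error code on repository
// failure.
func (s *Service) ToggleAdminUser(user *pb.ToggleAdminUserRequest) error {
	// The user ID forms the lock key.
	lockKey := fmt.Sprintf("toggle_admin_user_%d", user.UserId)
	lock := authutil.JWTAuthService.Mu.NewMutex(lockKey)
	// Hold the lock so the existence check and the toggle run as one unit.
	if err := lock.Lock(); err != nil {
		return err
	}
	defer lock.Unlock()

	exists, err := s.Repository.IsAdminUserExists(user.UserId)
	if err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	if !exists {
		return errorcode.New("authorization service", common.ErrorMessage[common.AccountDoesNotExist], 400)
	}

	if err := s.Repository.ToggleAdminUser(user); err != nil {
		return errorcode.New("authorization service", err.Error(), 500)
	}
	return nil
}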