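package auth

import (
	"database/sql"
	"errors"
	"fmt"
	"time"

	_ "github.com/mattn/go-sqlite3"
	"golang.org/x/crypto/bcrypt"
)

// Admin is one administrator account. Password holds the bcrypt hash and is
// excluded from JSON output; ValidateAdmin additionally clears it before
// returning.
type Admin struct {
	ID        int       `json:"id"`
	Username  string    `json:"username"`
	Password  string    `json:"-"` // bcrypt hash, never serialized
	IsActive  bool      `json:"is_active"`
	CreatedAt time.Time `json:"created_at"`
	UpdatedAt time.Time `json:"updated_at"`
}

// Sentinel errors returned by AuthService; compare with errors.Is.
var (
	// ErrInvalidCredentials covers unknown username, inactive account and
	// wrong password alike, so the caller cannot tell which usernames exist.
	ErrInvalidCredentials = errors.New("invalid credentials")
	// ErrAdminNotFound is returned by the update/delete methods when no row
	// matched the given id.
	ErrAdminNotFound = errors.New("admin not found")
	// ErrEmptyCredentials is returned when a username or password is empty.
	ErrEmptyCredentials = errors.New("username and password must not be empty")
)

// dummyHash is compared against when the username does not exist, so that an
// unknown username costs roughly the same bcrypt work as a wrong password.
// The error is ignored deliberately: if generation fails, the comparison
// below simply fails fast, which is harmless.
var dummyHash, _ = bcrypt.GenerateFromPassword([]byte("placeholder-not-a-real-password"), bcrypt.DefaultCost)

// AuthService stores administrator accounts in a SQLite database.
type AuthService struct {
	db *sql.DB
}

// NewAuthService opens (or creates) the SQLite database at dbPath, verifies
// the connection and ensures the admins table exists. On any setup failure the
// connection is closed before the error is returned.
//
// Note: the original schema spelled the column "is_activate" while every
// query uses "is_active"; databases created by that version need the column
// renamed before this service can use them.
func NewAuthService(dbPath string) (*AuthService, error) {
	db, err := sql.Open("sqlite3", dbPath)
	if err != nil {
		return nil, fmt.Errorf("opening database %q: %w", dbPath, err)
	}
	// sql.Open only validates its arguments; Ping actually opens the file.
	if err := db.Ping(); err != nil {
		db.Close()
		return nil, fmt.Errorf("connecting to database %q: %w", dbPath, err)
	}
	// is_active has a default so that inserts which omit it still succeed.
	_, err = db.Exec(`
		CREATE TABLE IF NOT EXISTS admins (
			id INTEGER PRIMARY KEY AUTOINCREMENT,
			username TEXT UNIQUE NOT NULL,
			password TEXT NOT NULL,
			is_active BOOLEAN NOT NULL DEFAULT 1,
			created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
			updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
		)
	`)
	if err != nil {
		db.Close()
		return nil, fmt.Errorf("creating admins table: %w", err)
	}
	return &AuthService{db: db}, nil
}

// Close releases the underlying database connection.
func (s *AuthService) Close() error {
	return s.db.Close()
}

// hashPassword returns the bcrypt hash of password as a string. bcrypt uses at
// most the first 72 bytes of its input; depending on the x/crypto version,
// longer passwords are either truncated or rejected with an error.
func hashPassword(password string) (string, error) {
	h, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return "", fmt.Errorf("hashing password: %w", err)
	}
	return string(h), nil
}

// execOne runs a statement that is expected to touch exactly one admin row.
// It returns ErrAdminNotFound when no row matched; what names the operation
// for error context.
func (s *AuthService) execOne(what, query string, args ...interface{}) error {
	res, err := s.db.Exec(query, args...)
	if err != nil {
		return fmt.Errorf("%s: %w", what, err)
	}
	n, err := res.RowsAffected()
	if err != nil {
		return fmt.Errorf("%s: %w", what, err)
	}
	if n == 0 {
		return ErrAdminNotFound
	}
	return nil
}

// CreateAdmin stores a new, active administrator with a bcrypt-hashed
// password. It returns ErrEmptyCredentials for an empty username or password;
// a duplicate username surfaces as the driver's UNIQUE constraint error.
func (s *AuthService) CreateAdmin(username, password string) error {
	if username == "" || password == "" {
		return ErrEmptyCredentials
	}
	hash, err := hashPassword(password)
	if err != nil {
		return err
	}
	_, err = s.db.Exec(
		"INSERT INTO admins (username, password, is_active) VALUES (?, ?, 1)",
		username, hash,
	)
	if err != nil {
		return fmt.Errorf("inserting admin %q: %w", username, err)
	}
	return nil
}

// ValidateAdmin verifies username and password and returns the matching
// active administrator with its Password field cleared. Every authentication
// failure (unknown user, wrong password, inactive account) is reported as
// ErrInvalidCredentials; any other error is a database failure.
func (s *AuthService) ValidateAdmin(username, password string) (*Admin, error) {
	admin := &Admin{}
	err := s.db.QueryRow(
		"SELECT id, username, password, is_active FROM admins WHERE username = ?",
		username,
	).Scan(&admin.ID, &admin.Username, &admin.Password, &admin.IsActive)
	switch {
	case errors.Is(err, sql.ErrNoRows):
		// Spend the same bcrypt work as for a real user before rejecting.
		_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(password))
		return nil, ErrInvalidCredentials
	case err != nil:
		return nil, fmt.Errorf("looking up admin %q: %w", username, err)
	}
	if err := bcrypt.CompareHashAndPassword([]byte(admin.Password), []byte(password)); err != nil {
		return nil, ErrInvalidCredentials
	}
	// Checked after the password so an inactive account is indistinguishable
	// from a wrong password to the caller.
	if !admin.IsActive {
		return nil, ErrInvalidCredentials
	}
	// The caller has no need for the hash once the password is verified.
	admin.Password = ""
	return admin, nil
}

// GetAdmins lists every administrator without loading password hashes.
// The result is nil when the table is empty.
func (s *AuthService) GetAdmins() ([]Admin, error) {
	rows, err := s.db.Query("SELECT id, username, created_at, updated_at, is_active FROM admins")
	if err != nil {
		return nil, fmt.Errorf("listing admins: %w", err)
	}
	defer rows.Close()

	var admins []Admin
	for rows.Next() {
		var a Admin
		if err := rows.Scan(&a.ID, &a.Username, &a.CreatedAt, &a.UpdatedAt, &a.IsActive); err != nil {
			return nil, fmt.Errorf("scanning admin row: %w", err)
		}
		admins = append(admins, a)
	}
	// rows.Next returns false at end-of-set and on error alike; rows.Err tells them apart.
	if err := rows.Err(); err != nil {
		return nil, fmt.Errorf("iterating admins: %w", err)
	}
	return admins, nil
}

// UpdateAdminPassword replaces the password hash of the administrator with
// the given id and bumps updated_at. Returns ErrEmptyCredentials for an empty
// password and ErrAdminNotFound when no row has that id.
func (s *AuthService) UpdateAdminPassword(id string, newPassword string) error {
	if newPassword == "" {
		return ErrEmptyCredentials
	}
	hash, err := hashPassword(newPassword)
	if err != nil {
		return err
	}
	return s.execOne(
		"updating admin password",
		"UPDATE admins SET password = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?",
		hash, id,
	)
}

// UpdateAdminActivate sets the is_active flag of the administrator with the
// given id and bumps updated_at. Returns ErrAdminNotFound when no row matched.
func (s *AuthService) UpdateAdminActivate(id string, isActive bool) error {
	return s.execOne(
		"updating admin activation",
		"UPDATE admins SET is_active = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?",
		isActive, id,
	)
}

// DeleteAdmin removes the administrator with the given id.
// Returns ErrAdminNotFound when no row matched.
func (s *AuthService) DeleteAdmin(id string) error {
	return s.execOne(
		"deleting admin",
		"DELETE FROM admins WHERE id = ?",
		id,
	)
}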