package seed

import (
	"time"

	"cockpit/internal/domain"

	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"
)

func MustSeed(db *gorm.DB) {
	if err := db.AutoMigrate(
		&domain.User{},
		&domain.Role{},
		&domain.Permission{},
		&domain.UserRole{},
		&domain.RolePermission{},
		&domain.RefreshToken{},
		&domain.Customer{},
		&domain.Status{},
		&domain.Order{},
		&domain.ImportJob{},
		&domain.ImportJobError{},
	); err != nil {
		panic(err)
	}

	seedPermissions(db)
	seedAdmin(db)
	seedDefaultStatuses(db)
}

func seedPermissions(db *gorm.DB) {
	perms := []domain.Permission{
		{Code: "overview:view", Name: "查看总览", Type: "api"},
		{Code: "orders:read", Name: "查看订单", Type: "api"},
		{Code: "orders:write", Name: "编辑订单", Type: "api"},
		{Code: "import:preview", Name: "导入预览", Type: "api"},
		{Code: "import:commit", Name: "导入入库", Type: "api"},
		{Code: "dict:read", Name: "查看字典", Type: "api"},
		{Code: "dict:write", Name: "维护字典", Type: "api"},
		{Code: "admin:*", Name: "系统管理", Type: "api"},
	}
	for _, p := range perms {
		var existing domain.Permission
		if err := db.Where("code = ?", p.Code).First(&existing).Error; err == nil {
			continue
		}
		_ = db.Create(&p).Error
	}
}

func seedAdmin(db *gorm.DB) {
	// role
	var adminRole domain.Role
	if err := db.Where("name = ?", "admin").First(&adminRole).Error; err != nil {
		adminRole = domain.Role{Name: "admin", Description: "系统管理员"}
		_ = db.Create(&adminRole).Error
	}

	// user
	var admin domain.User
	if err := db.Where("username = ?", "admin").First(&admin).Error; err != nil {
		hash, _ := bcrypt.GenerateFromPassword([]byte("admin123"), bcrypt.DefaultCost)
		admin = domain.User{
			Username:     "admin",
			PasswordHash: string(hash),
			DisplayName:  "管理员",
			Enabled:      true,
			LastLoginAt:  ptrTime(time.Now()),
		}
		_ = db.Create(&admin).Error
	}

	// user_roles
	var ur domain.UserRole
	if err := db.Where("user_id = ? AND role_id = ?", admin.ID, adminRole.ID).First(&ur).Error; err != nil {
		_ = db.Create(&domain.UserRole{UserID: admin.ID, RoleID: adminRole.ID}).Error
	}

	// role_permissions: grant all existing permissions to admin
	var perms []domain.Permission
	_ = db.Find(&perms).Error
	for _, p := range perms {
		var rp domain.RolePermission
		if err := db.Where("role_id = ? AND permission_id = ?", adminRole.ID, p.ID).First(&rp).Error; err == nil {
			continue
		}
		_ = db.Create(&domain.RolePermission{RoleID: adminRole.ID, PermissionID: p.ID}).Error
	}
}

func seedDefaultStatuses(db *gorm.DB) {
	defaults := []domain.Status{
		{Name: "未出货", SortOrder: 1, Color: "#ef4444"},
		{Name: "部分出货", SortOrder: 2, Color: "#f59e0b"},
		{Name: "已出货", SortOrder: 3, Color: "#22c55e"},
	}
	for _, s := range defaults {
		var existing domain.Status
		if err := db.Where("name = ?", s.Name).First(&existing).Error; err == nil {
			continue
		}
		_ = db.Create(&s).Error
	}
}

func ptrTime(t time.Time) *time.Time { return &t }