package services

import (
	"errors"
	"fmt"
	"time"

	"github.com/golang-jwt/jwt/v5"
	"golang.org/x/crypto/bcrypt"

	"git.beifan.cn/trace-system/backend-go/config"
	"git.beifan.cn/trace-system/backend-go/database"
	"git.beifan.cn/trace-system/backend-go/models"
)

// AuthService 认证服务
type AuthService struct{}

// ValidateUser 验证用户身份
func (s *AuthService) ValidateUser(username string, password string) (*models.User, error) {
	var user models.User
	result := database.DB.Where("username = ?", username).First(&user)
	if result.Error != nil {
		return nil, fmt.Errorf("验证用户失败: %w", errors.New("用户名或密码错误"))
	}

	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(password))
	if err != nil {
		return nil, fmt.Errorf("密码验证失败: %w", errors.New("用户名或密码错误"))
	}

	return &user, nil
}

// GenerateToken 生成 JWT 令牌
func (s *AuthService) GenerateToken(user *models.User) (string, error) {
	cfg := config.GetAppConfig()
	claims := jwt.MapClaims{
		"userId":   user.ID,
		"username": user.Username,
		"role":     user.Role,
		"exp":      time.Now().Add(time.Second * time.Duration(cfg.JWT.Expire)).Unix(),
		"iat":      time.Now().Unix(),
	}

	token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
	return token.SignedString([]byte(cfg.JWT.Secret))
}

// GetProfile 获取用户信息
func (s *AuthService) GetProfile(userId uint) (*models.UserDTO, error) {
	var user models.User
	result := database.DB.First(&user, userId)
	if result.Error != nil {
		return nil, fmt.Errorf("查询用户失败: %w", errors.New("用户不存在"))
	}

	return &models.UserDTO{
		ID:        user.ID,
		Username:  user.Username,
		Name:      user.Name,
		Email:     user.Email,
		Role:      user.Role,
		CreatedAt: user.CreatedAt,
	}, nil
}

// ChangePassword 修改密码
func (s *AuthService) ChangePassword(userId uint, currentPassword string, newPassword string) error {
	var user models.User
	result := database.DB.First(&user, userId)
	if result.Error != nil {
		return fmt.Errorf("查询用户失败: %w", errors.New("用户不存在"))
	}

	err := bcrypt.CompareHashAndPassword([]byte(user.Password), []byte(currentPassword))
	if err != nil {
		return fmt.Errorf("密码验证失败: %w", errors.New("当前密码错误"))
	}

	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("密码加密失败: %w", err)
	}

	user.Password = string(hashedPassword)
	result = database.DB.Save(&user)
	if result.Error != nil {
		return fmt.Errorf("保存用户失败: %w", errors.New("密码修改失败"))
	}

	return nil
}

// UpdateProfile 更新用户信息
func (s *AuthService) UpdateProfile(userId uint, name string, email string) (*models.UserDTO, error) {
	var user models.User
	result := database.DB.First(&user, userId)
	if result.Error != nil {
		return nil, fmt.Errorf("查询用户失败: %w", errors.New("用户不存在"))
	}

	user.Name = name
	user.Email = email

	result = database.DB.Save(&user)
	if result.Error != nil {
		return nil, fmt.Errorf("保存用户失败: %w", errors.New("个人信息更新失败"))
	}

	return &models.UserDTO{
		ID:        user.ID,
		Username:  user.Username,
		Name:      user.Name,
		Email:     user.Email,
		Role:      user.Role,
		CreatedAt: user.CreatedAt,
	}, nil
}