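package api

import (
	"context"
	"strings"
	"sync"
	"unicode/utf8"

	"next-terminal/server/common"
	"next-terminal/server/common/nt"
	"next-terminal/server/dto"
	"next-terminal/server/global/cache"
	"next-terminal/server/model"
	"next-terminal/server/repository"
	"next-terminal/server/service"
	"next-terminal/server/utils"

	"github.com/labstack/echo/v4"
)

// setupMinPasswordLength is the minimum password length, in characters, that
// PasswordPolicyEndpoint advertises and SetupUserEndpoint enforces.
const setupMinPasswordLength = 6

// setupMu serialises first-run initialisation so that two concurrent setup
// requests cannot both pass the "no users yet" check and each create an
// administrator. It only protects a single process.
// NOTE(review): deployments running several instances against one database
// still need a database-level guard (transaction or unique constraint).
var setupMu sync.Mutex

// SetupApi groups the HTTP handlers for first-run setup and for the
// login-related status and policy queries defined in this file.
type SetupApi struct{}

// SetupUserEndpoint creates the first administrator account and then
// initialises roles and menus. It refuses to run once any user exists.
//
// The request body is bound to dto.UserCreate. A blank username or a password
// shorter than setupMinPasswordLength is rejected, so the advertised password
// policy is enforced on the server rather than left to the client.
func (api SetupApi) SetupUserEndpoint(c echo.Context) error {
	var user dto.UserCreate
	if err := c.Bind(&user); err != nil {
		return err
	}

	// Hold the lock across the count check and the insert: the check-then-create
	// sequence is otherwise racy between concurrent requests.
	setupMu.Lock()
	defer setupMu.Unlock()

	count, err := repository.UserRepository.Count(context.TODO())
	if err != nil {
		return err
	}
	if count > 0 {
		return Fail(c, 0, "系统已初始化,禁止重复初始化")
	}

	// Input is validated only after the "already initialised" check, so an
	// initialised system always answers with the same refusal.
	if strings.TrimSpace(user.Username) == "" {
		// Message: "username must not be empty".
		return Fail(c, -1, "用户名不能为空")
	}
	if utf8.RuneCountInString(user.Password) < setupMinPasswordLength {
		// Message: "password length does not satisfy the password policy".
		return Fail(c, -1, "密码长度不符合密码策略")
	}

	// Only the encoded form of the password is stored.
	passwd, err := utils.Encoder.Encode([]byte(user.Password))
	if err != nil {
		return err
	}

	u := model.User{
		ID:       utils.LongUUID(),
		Username: user.Username,
		Nickname: user.Nickname,
		Password: string(passwd),
		Type:     nt.TypeAdmin,
		Status:   nt.StatusEnabled,
		Online:   boolP(true),
	}
	if err := repository.UserRepository.Create(context.TODO(), &u); err != nil {
		return err
	}

	// Initialise roles and menus.
	// NOTE(review): if this step fails the administrator row already exists, so
	// later setup calls are refused while roles are missing; consider wrapping
	// both steps in one transaction.
	if err := service.RoleService.Init(); err != nil {
		return err
	}
	return Success(c, nil)
}

// GetSetupStatusEndpoint reports whether first-run setup is still required,
// which is the case exactly when the user table is empty.
func (api SetupApi) GetSetupStatusEndpoint(c echo.Context) error {
	count, err := repository.UserRepository.Count(context.TODO())
	if err != nil {
		return err
	}
	return Success(c, map[string]bool{
		"needSetup": count == 0,
	})
}

// setupLoginStatus builds the login-status payload for the given status. The
// enabled-method flags are fixed: password login on, every other method off.
func setupLoginStatus(status string) map[string]interface{} {
	return map[string]interface{}{
		"status":            status,
		"passwordEnabled":   true,
		"webauthnEnabled":   false,
		"wechatWorkEnabled": false,
		"oidcEnabled":       false,
	}
}

// LoginStatusEndpoint reports the login state of the request's token:
// "Unlogged" when there is no token or it is not in the token cache,
// "OTP Required" when the cached user has a TOTP secret set, and "Logged In"
// otherwise.
func (api SetupApi) LoginStatusEndpoint(c echo.Context) error {
	token := GetToken(c)
	if token == "" {
		return Success(c, setupLoginStatus("Unlogged"))
	}

	cached, ok := cache.TokenManager.Get(token)
	if !ok {
		return Success(c, setupLoginStatus("Unlogged"))
	}

	// Use the comma-ok form so an unexpected cache entry is reported as not
	// logged in instead of panicking inside the handler.
	auth, ok := cached.(dto.Authorization)
	if !ok {
		return Success(c, setupLoginStatus("Unlogged"))
	}

	user := auth.User
	status := "Logged In"
	// A secret of "" or "-" is treated as "TOTP not configured".
	// NOTE(review): the status depends only on whether a secret is set; this
	// handler does not track whether the token has already passed OTP
	// verification.
	if user.TOTPSecret != "" && user.TOTPSecret != "-" {
		status = "OTP Required"
	}
	return Success(c, setupLoginStatus(status))
}

// ValidateTOTPEndpoint checks a submitted one-time code against the current
// account's TOTP secret. It answers with echo.ErrUnauthorized when no current
// account can be resolved from the request.
func (api SetupApi) ValidateTOTPEndpoint(c echo.Context) error {
	// The lookup result was previously discarded; without it the account value
	// is not safe to use when the request carries no valid login.
	account, found := GetCurrentAccount(c)
	if !found {
		return echo.ErrUnauthorized
	}

	var validateTOTP struct {
		TOTP string `json:"totp"`
	}
	if err := c.Bind(&validateTOTP); err != nil {
		return err
	}

	if account.TOTPSecret == "" || account.TOTPSecret == "-" {
		return Fail(c, -1, "未启用双因素认证")
	}

	// NOTE(review): nothing in this handler limits repeated guesses, and a
	// successful check is not recorded here; confirm that attempt throttling
	// and the session's second-factor state are handled elsewhere.
	if !common.Validate(validateTOTP.TOTP, account.TOTPSecret) {
		return Fail(c, -1, "验证码不正确")
	}
	return Success(c, nil)
}

// PasswordPolicyEndpoint returns the static password policy. Only the minimum
// length is non-trivial; the other rules are reported as disabled.
func (api SetupApi) PasswordPolicyEndpoint(c echo.Context) error {
	return Success(c, map[string]interface{}{
		"minLength":              setupMinPasswordLength,
		"minCharacterType":       0,
		"mustNotContainUsername": false,
		"mustNotBePalindrome":    false,
		// The key spelling is part of the response contract; do not rename it.
		"mustNotWeek": false,
	})
}

// GetCaptchaEndpoint returns a static payload that reports the captcha as
// disabled, with an empty key and image.
// NOTE(review): with the captcha off, protection against automated password
// guessing has to come from elsewhere; confirm that it does.
func (api SetupApi) GetCaptchaEndpoint(c echo.Context) error {
	return Success(c, map[string]interface{}{
		"enabled": false,
		"key":     "",
		"captcha": "",
	})
}

// boolP returns a pointer to a copy of b, for optional boolean fields.
func boolP(b bool) *bool {
	return &b
}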