package controller

import (
	"fmt"
	"net/http"
	"strconv"

	"gofaster/internal/auth/model"
	"gofaster/internal/auth/service"
	"gofaster/internal/shared/middleware"
	"gofaster/internal/shared/response"

	"github.com/gin-gonic/gin"
)

type PasswordController struct {
	passwordService *service.PasswordService
	userService     *service.UserService
}

func NewPasswordController(
	passwordService *service.PasswordService,
	userService *service.UserService,
) *PasswordController {
	return &PasswordController{
		passwordService: passwordService,
		userService:     userService,
	}
}

// ChangePassword 修改密码
func (c *PasswordController) ChangePassword(ctx *gin.Context) {
	var req model.PasswordChangeRequest
	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error(ctx, http.StatusBadRequest, "请求参数错误", err.Error())
		return
	}

	// 添加调试日志
	fmt.Printf("密码修改请求: UserID=%d, CurrentPassword=%s, NewPassword=%s, ConfirmPassword=%s\n",
		req.UserID, req.CurrentPassword, req.NewPassword, req.ConfirmPassword)

	// 从JWT获取用户ID
	fmt.Printf("PasswordController - 开始从JWT获取用户ID\n")
	userID, exists := middleware.GetUserID(ctx)
	if !exists {
		fmt.Printf("PasswordController - GetUserID返回false，用户ID不存在\n")
		response.Error(ctx, http.StatusUnauthorized, "未授权", "用户ID不存在")
		return
	}

	fmt.Printf("PasswordController - GetUserID成功，用户ID: %d\n", userID)
	req.UserID = userID
	fmt.Printf("从JWT获取的用户ID: %d\n", req.UserID)

	// 验证新密码确认
	if req.NewPassword != req.ConfirmPassword {
		response.Error(ctx, http.StatusBadRequest, "密码确认失败", "新密码与确认密码不匹配")
		return
	}

	// 修改密码
	err := c.passwordService.ChangePassword(req.UserID, req.CurrentPassword, req.NewPassword)
	if err != nil {
		fmt.Printf("密码修改失败: %v\n", err)
		response.Error(ctx, http.StatusInternalServerError, "修改密码失败", err.Error())
		return
	}

	fmt.Printf("密码修改成功，用户ID: %d\n", req.UserID)
	response.Success(ctx, "密码修改成功", nil)
}

// ResetPassword 重置用户密码（管理员功能）
func (c *PasswordController) ResetPassword(ctx *gin.Context) {
	userIDStr := ctx.Param("id")
	userID, err := strconv.ParseUint(userIDStr, 10, 32)
	if err != nil {
		response.Error(ctx, http.StatusBadRequest, "用户ID格式错误", err.Error())
		return
	}

	// 从JWT获取操作人ID
	operatorID, exists := middleware.GetUserID(ctx)
	if !exists {
		response.Error(ctx, http.StatusUnauthorized, "未授权", "操作人ID不存在")
		return
	}

	// 重置密码
	tempPassword, err := c.passwordService.ResetPassword(uint(userID), operatorID)
	if err != nil {
		response.Error(ctx, http.StatusInternalServerError, "重置密码失败", err.Error())
		return
	}

	response.Success(ctx, "密码重置成功", gin.H{
		"temp_password": tempPassword,
		"message":       "用户首次登录后需要立即修改密码",
	})
}

// GetPasswordPolicy 获取密码策略
func (c *PasswordController) GetPasswordPolicy(ctx *gin.Context) {
	policy, err := c.passwordService.GetPasswordPolicy()
	if err != nil {
		response.Error(ctx, http.StatusInternalServerError, "获取密码策略失败", err.Error())
		return
	}

	response.Success(ctx, "获取密码策略成功", policy)
}

// ValidatePassword 验证密码强度
func (c *PasswordController) ValidatePassword(ctx *gin.Context) {
	var req struct {
		Password string `json:"password" binding:"required"`
	}

	if err := ctx.ShouldBindJSON(&req); err != nil {
		response.Error(ctx, http.StatusBadRequest, "请求参数错误", err.Error())
		return
	}

	// 验证密码
	result, err := c.passwordService.ValidatePassword(req.Password)
	if err != nil {
		response.Error(ctx, http.StatusInternalServerError, "密码验证失败", err.Error())
		return
	}

	response.Success(ctx, "密码验证完成", result)
}

// CheckPasswordStatus 检查用户密码状态
func (c *PasswordController) CheckPasswordStatus(ctx *gin.Context) {
	userID, exists := middleware.GetUserID(ctx)
	if !exists {
		response.Error(ctx, http.StatusUnauthorized, "未授权", "用户ID不存在")
		return
	}

	// 获取用户信息
	user, err := c.userService.GetByID(userID)
	if err != nil {
		response.Error(ctx, http.StatusInternalServerError, "获取用户信息失败", err.Error())
		return
	}

	// 检查密码过期
	isExpired, err := c.passwordService.CheckPasswordExpiration(user)
	if err != nil {
		response.Error(ctx, http.StatusInternalServerError, "检查密码过期失败", err.Error())
		return
	}

	// 检查是否需要强制修改密码
	forceChange := c.passwordService.CheckForceChangePassword(user)

	response.Success(ctx, "获取密码状态成功", gin.H{
		"force_change_password": forceChange,
		"password_expired":      isExpired,
		"password_changed_at":   user.PasswordChangedAt,
	})
}

// UpdatePasswordPolicy 更新密码策略（管理员功能）
func (c *PasswordController) UpdatePasswordPolicy(ctx *gin.Context) {
	var policy model.PasswordPolicy
	if err := ctx.ShouldBindJSON(&policy); err != nil {
		response.Error(ctx, http.StatusBadRequest, "请求参数错误", err.Error())
		return
	}

	// 这里需要调用密码策略服务来更新策略
	// 暂时返回成功，具体实现需要完善
	response.Success(ctx, "密码策略更新成功", policy)
}