package routes

import (
	"log"

	"gofaster/internal/auth/controller"
	"gofaster/internal/auth/repository"
	"gofaster/internal/auth/service"
	"gofaster/internal/shared/middleware"

	"github.com/gin-gonic/gin"
	"gorm.io/gorm"
)

// RegisterAuthRoutes 注册认证相关路由
func RegisterAuthRoutes(router *gin.RouterGroup, db *gorm.DB, jwtSecret string) {
	// 初始化仓库
	userRepo := repository.NewUserRepository(db)
	passwordPolicyRepo := repository.NewPasswordPolicyRepository(db)
	passwordHistoryRepo := repository.NewPasswordHistoryRepository(db)
	passwordResetRepo := repository.NewPasswordResetRepository(db)
	// captchaRepo := repository.NewCaptchaRepository(db) // 暂时注释掉，因为验证码生成逻辑在controller中

	// 初始化服务
	userService := service.NewUserService(userRepo, db)
	captchaRepo := repository.NewCaptchaRepository(db)
	authService := service.NewAuthService(userRepo, captchaRepo)
	passwordService := service.NewPasswordService(
		userRepo,
		passwordPolicyRepo,
		passwordHistoryRepo,
		passwordResetRepo,
	)

	// 初始化控制器
	userController := controller.NewUserController(userService)
	authController := controller.NewAuthController(authService)
	passwordController := controller.NewPasswordController(passwordService, userService)

	// 公开路由（无需认证）
	public := router.Group("/auth")
	{
		public.POST("/login", authController.Login)
		public.GET("/captcha", authController.GenerateCaptcha) // 添加验证码路由
		// public.POST("/register", userController.Register)  // 暂时注释掉，因为Register方法不存在
		public.GET("/password-policy", passwordController.GetPasswordPolicy)
		public.POST("/validate-password", passwordController.ValidatePassword)
	}

	// 需要认证的路由
	auth := router.Group("/auth")
	auth.Use(middleware.JWTAuth())
	{
		auth.POST("/logout", authController.Logout)
		// auth.GET("/profile", userController.GetProfile)  // 暂时注释掉，因为GetProfile方法不存在
		// auth.PUT("/profile", userController.UpdateProfile)  // 暂时注释掉，因为UpdateProfile方法不存在
		auth.POST("/change-password", passwordController.ChangePassword)
		auth.GET("/password-status", passwordController.CheckPasswordStatus)
		auth.GET("/userinfo", authController.GetUserInfo) // 添加缺失的userinfo路由
	}

	// 管理员路由
	admin := router.Group("/auth/admin")
	admin.Use(middleware.JWTAuth(), middleware.PermissionMiddleware(db, "auth", "admin"))
	{
		admin.GET("/users", userController.ListUsers)
		admin.POST("/users", userController.CreateUser)
		admin.GET("/users/:id", userController.GetUser)
		admin.PUT("/users/:id", userController.UpdateUser)
		admin.DELETE("/users/:id", userController.DeleteUser)
		admin.POST("/users/:id/reset-password", passwordController.ResetPassword)
		admin.PUT("/password-policy", passwordController.UpdatePasswordPolicy)
	}

	// 临时测试路由 - 简化权限检查
	testAdmin := router.Group("/auth/test-admin")
	testAdmin.Use(middleware.JWTAuth()) // 只检查JWT，不检查权限
	{
		testAdmin.GET("/users", userController.ListUsers)
	}

	// 注册资源管理路由
	RegisterResourceRoutes(router, db, jwtSecret)

	// 注册权限管理路由
	RegisterPermissionRoutes(router, db, jwtSecret)

	// 注册角色管理路由
	RegisterRoleRoutes(router, db, jwtSecret)

	log.Printf("✅ 认证路由注册完成")
}