package migration

import (
	"fmt"
	"gofaster/internal/auth/model"
	"gofaster/internal/auth/repository"
	"gofaster/internal/shared/logger"

	"gorm.io/gorm"
)

// RunMigrations 运行数据库迁移
func RunMigrations(db *gorm.DB) error {
	log := logger.NewLogger("info", "")
	defer log.Sync()
	// 自动迁移用户表
	if err := db.AutoMigrate(&model.User{}); err != nil {
		return err
	}

	// 手动检查并添加可能缺失的字段
	if err := ensureUserFields(db); err != nil {
		return err
	}

	// 自动迁移角色表
	if err := db.AutoMigrate(&model.Role{}); err != nil {
		return err
	}

	// 自动迁移用户角色关联表
	if err := db.AutoMigrate(&model.UserRole{}); err != nil {
		return err
	}

	// 自动迁移验证码表
	if err := db.AutoMigrate(&repository.Captcha{}); err != nil {
		return err
	}

	// 自动迁移密码策略相关表
	if err := db.AutoMigrate(
		&model.PasswordPolicy{},
		&model.PasswordHistory{},
		&model.PasswordReset{},
	); err != nil {
		return err
	}

	// 自动迁移资源相关表
	if err := db.AutoMigrate(
		&model.Resource{},
		&model.ResourcePermission{},
	); err != nil {
		return err
	}

	// 自动迁移权限相关表
	if err := db.AutoMigrate(
		&model.Permission{},
		&model.RolePermission{},
	); err != nil {
		return err
	}

	// 为权限表添加code字段
	if err := AddPermissionCodeField(db); err != nil {
		return err
	}

	// 创建路由相关表
	if err := CreateRouteTables(db, log); err != nil {
		return err
	}

	// 移除相关表的 delete_at 字段
	if err := RemoveDeleteAtFields(db, log); err != nil {
		return err
	}

	// 为 frontend_backend_routes 表添加唯一索引
	if err := AddUniqueIndexToFrontendBackendRoutes(db, log); err != nil {
		return err
	}

	// 创建默认角色
	if err := createDefaultRoles(db); err != nil {
		return err
	}

	// 创建默认管理员用户
	if err := createDefaultAdmin(db); err != nil {
		return err
	}

	// 创建默认密码策略
	if err := createDefaultPasswordPolicy(db); err != nil {
		return err
	}

	// 创建默认权限
	if err := createDefaultPermissions(db); err != nil {
		return err
	}

	return nil
}

// ensureUserFields 确保用户表有必要的字段
func ensureUserFields(db *gorm.DB) error {
	// 检查PasswordChangedAt字段是否存在
	if !db.Migrator().HasColumn(&model.User{}, "password_changed_at") {
		fmt.Println("添加 password_changed_at 字段到 users 表")
		if err := db.Exec("ALTER TABLE users ADD COLUMN password_changed_at TIMESTAMP NULL").Error; err != nil {
			return fmt.Errorf("添加 password_changed_at 字段失败: %w", err)
		}
	}

	// 检查ForceChangePassword字段是否存在
	if !db.Migrator().HasColumn(&model.User{}, "force_change_password") {
		fmt.Println("添加 force_change_password 字段到 users 表")
		if err := db.Exec("ALTER TABLE users ADD COLUMN force_change_password BOOLEAN DEFAULT FALSE").Error; err != nil {
			return fmt.Errorf("添加 force_change_password 字段失败: %w", err)
		}
	}

	fmt.Println("用户表字段检查完成")
	return nil
}

// createDefaultRoles 创建默认角色
func createDefaultRoles(db *gorm.DB) error {
	// 检查是否已存在角色
	var count int64
	db.Model(&model.Role{}).Count(&count)
	if count > 0 {
		return nil // 已存在角色，跳过
	}

	roles := []model.Role{
		{
			Name:        "超级管理员",
			Code:        "SUPER_ADMIN",
			Description: "系统超级管理员，拥有所有权限",
		},
		{
			Name:        "管理员",
			Code:        "ADMIN",
			Description: "系统管理员，拥有大部分权限",
		},
		{
			Name:        "普通用户",
			Code:        "USER",
			Description: "普通用户，拥有基本权限",
		},
	}

	for _, role := range roles {
		if err := db.Create(&role).Error; err != nil {
			return err
		}
	}

	return nil
}

// createDefaultAdmin 创建默认管理员用户
func createDefaultAdmin(db *gorm.DB) error {
	// 检查是否已存在管理员用户
	var count int64
	db.Model(&model.User{}).Where("username = ?", "admin").Count(&count)
	if count > 0 {
		return nil // 已存在管理员用户，跳过
	}

	// 创建默认管理员用户
	adminUser := &model.User{
		Username: "admin",
		Password: "$2a$10$92IXUNpkjO0rOQ5byMi.Ye4oKoEa3Ro9llC/.og/at2.uheWG/igi", // "password"
		Email:    "admin@gofaster.com",
		Phone:    "13800138000",
		Status:   1, // 正常状态
	}

	if err := db.Create(adminUser).Error; err != nil {
		return err
	}

	// 获取超级管理员角色
	var superAdminRole model.Role
	if err := db.Where("code = ?", "SUPER_ADMIN").First(&superAdminRole).Error; err != nil {
		return err
	}

	// 关联超级管理员角色
	if err := db.Model(adminUser).Association("Roles").Append(&superAdminRole); err != nil {
		return err
	}

	return nil
}

// createDefaultPasswordPolicy 创建默认密码策略
func createDefaultPasswordPolicy(db *gorm.DB) error {
	// 检查是否已存在默认策略
	var count int64
	db.Model(&model.PasswordPolicy{}).Count(&count)
	if count > 0 {
		return nil // 已存在默认策略，跳过
	}

	// 创建默认密码策略（1级）
	defaultPolicy := &model.PasswordPolicy{
		Level:            1,
		MinRequiredLevel: 1, // 新增：要求最低1级强度
		MinLength:        6,
		RequireUppercase: false,
		RequireLowercase: false,
		RequireNumbers:   false,
		RequireSpecial:   false,
		MinCharTypes:     1,
		ExpirationDays:   30,
		PreventReuse:     3,
		IsActive:         true,
	}

	if err := db.Create(defaultPolicy).Error; err != nil {
		return err
	}

	return nil
}

// createDefaultPermissions 创建默认权限
func createDefaultPermissions(db *gorm.DB) error {
	// 检查是否已存在权限
	var count int64
	db.Model(&model.Permission{}).Count(&count)
	if count > 0 {
		return nil // 已存在权限，跳过
	}

	permissions := []model.Permission{
		// 用户管理权限
		{
			Name:        "查看用户列表",
			Code:        "user:list",
			Description: "查看系统用户列表",
			Resource:    "user",
			Action:      "list",
		},
		{
			Name:        "创建用户",
			Code:        "user:create",
			Description: "创建新用户",
			Resource:    "user",
			Action:      "create",
		},
		{
			Name:        "编辑用户",
			Code:        "user:update",
			Description: "编辑用户信息",
			Resource:    "user",
			Action:      "update",
		},
		{
			Name:        "删除用户",
			Code:        "user:delete",
			Description: "删除用户",
			Resource:    "user",
			Action:      "delete",
		},
		// 角色管理权限
		{
			Name:        "查看角色列表",
			Code:        "role:list",
			Description: "查看系统角色列表",
			Resource:    "role",
			Action:      "list",
		},
		{
			Name:        "创建角色",
			Code:        "role:create",
			Description: "创建新角色",
			Resource:    "role",
			Action:      "create",
		},
		{
			Name:        "编辑角色",
			Code:        "role:update",
			Description: "编辑角色信息",
			Resource:    "role",
			Action:      "update",
		},
		{
			Name:        "删除角色",
			Code:        "role:delete",
			Description: "删除角色",
			Resource:    "role",
			Action:      "delete",
		},
		{
			Name:        "分配角色权限",
			Code:        "role:assign_permissions",
			Description: "为角色分配权限",
			Resource:    "role",
			Action:      "assign_permissions",
		},
		// 权限管理权限
		{
			Name:        "查看权限列表",
			Code:        "permission:list",
			Description: "查看系统权限列表",
			Resource:    "permission",
			Action:      "list",
		},
		{
			Name:        "创建权限",
			Code:        "permission:create",
			Description: "创建新权限",
			Resource:    "permission",
			Action:      "create",
		},
		{
			Name:        "编辑权限",
			Code:        "permission:update",
			Description: "编辑权限信息",
			Resource:    "permission",
			Action:      "update",
		},
		{
			Name:        "删除权限",
			Code:        "permission:delete",
			Description: "删除权限",
			Resource:    "permission",
			Action:      "delete",
		},
		// 系统管理权限
		{
			Name:        "系统设置",
			Code:        "system:settings",
			Description: "管理系统设置",
			Resource:    "system",
			Action:      "settings",
		},
		{
			Name:        "查看系统日志",
			Code:        "system:logs",
			Description: "查看系统日志",
			Resource:    "system",
			Action:      "logs",
		},
	}

	for _, permission := range permissions {
		if err := db.Create(&permission).Error; err != nil {
			return err
		}
	}

	fmt.Println("✅ 默认权限创建完成")
	return nil
}