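package storage

import (
	"context"
	"database/sql"
	"net/http"
	"time"

	securityHelpers "synlotto-website/internal/helpers/security"
	"synlotto-website/internal/logging"
	"synlotto-website/internal/platform/bootstrap"

	"github.com/gin-gonic/gin"
)

// insertRegistrationSQL records a completed signup in audit_registration.
//
// NOTE(review): this statement uses `?` placeholders while every other
// statement in this file uses `$1..$N`. Only one of the two styles matches
// the configured driver; the other fails at execution time and is visible
// only through the logged error. Confirm against the driver in use.
const insertRegistrationSQL = `
INSERT INTO audit_registration (user_id, username, email, ip, user_agent, timestamp)
VALUES (?, ?, ?, ?, ?, ?)
`

// insertAdminAccessSQL records one successful access to an admin route.
const insertAdminAccessSQL = `
INSERT INTO admin_access_log (user_id, path, ip, user_agent, accessed_at)
VALUES ($1, $2, $3, $4, $5)
`

// AdminOnly is a gin middleware that lets a request through only when the
// session holds a user_id that securityHelpers.IsAdmin accepts for app.DB.
//
// It is a safety net: an authentication middleware is expected to have run
// first, but a request with no usable user_id in the session is still
// redirected to /account/login. Non-admin users receive 403. Denied attempts
// and failures to write the access log are logged rather than discarded, so
// gaps in the audit trail are noticeable.
func AdminOnly() gin.HandlerFunc {
	return func(c *gin.Context) {
		app := c.MustGet("app").(*bootstrap.App)
		ctx := c.Request.Context()

		uid, ok := sessionUserID(app.SessionManager.Get(ctx, "user_id"))
		if !ok {
			c.Redirect(http.StatusSeeOther, "/account/login")
			c.Abort()
			return
		}

		// IsAdmin takes an int; uid is narrowed here exactly as before. On a
		// 32-bit build a very large id would truncate, so keep ids in range.
		if !securityHelpers.IsAdmin(app.DB, int(uid)) {
			// A denied attempt on an admin path is worth a log line on its
			// own: repeated 403s here are a signal, not noise.
			logging.Info("admin access denied: user_id=%d path=%s ip=%s", uid, c.Request.URL.Path, c.ClientIP())
			c.String(http.StatusForbidden, "Forbidden")
			c.Abort()
			return
		}

		recordAdminAccess(app.DB, uid, c)
		c.Next()
	}
}

// sessionUserID normalizes the session's user_id, which may have been stored
// as int or int64, to int64. ok is false for any other dynamic type,
// including a nil (absent) value.
func sessionUserID(v interface{}) (uid int64, ok bool) {
	switch t := v.(type) {
	case int64:
		return t, true
	case int:
		return int64(t), true
	default:
		return 0, false
	}
}

// recordAdminAccess appends one row to admin_access_log for the current
// request. The write uses a background context with a short timeout so a
// client disconnect cannot cancel the audit row and a slow database cannot
// hold the request open. A failure does not block the request (the admin
// check has already passed) but is logged instead of being thrown away.
func recordAdminAccess(db *sql.DB, uid int64, c *gin.Context) {
	ctx, cancel := context.WithTimeout(context.Background(), 3*time.Second)
	defer cancel()

	_, err := db.ExecContext(ctx, insertAdminAccessSQL,
		uid, c.Request.URL.Path, c.ClientIP(), c.Request.UserAgent(), time.Now().UTC(),
	)
	if err != nil {
		logging.Info("❌ Failed to log admin access: %v", err)
	}
}

// Todo has to add in - db *sql.DB to make this work should this not be an import as all functions use it, more importantly no functions in storage just sql?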
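// auditWriteTimeout bounds each audit insert so a slow database cannot stall
// the request that triggered it.
const auditWriteTimeout = 3 * time.Second

// LogLoginAttempt records one login attempt, successful or not, in audit_login.
//
// Handler call: auditlogStorage.LogLoginAttempt(db, r.RemoteAddr, r.UserAgent(), username, ok)
//
// username, rIP and rUA are bound as statement parameters, never interpolated,
// so attacker-controlled values (a failed login's username, a forged
// User-Agent) cannot alter the statement. rIP is stored as given: the call
// above passes r.RemoteAddr, which includes the port and ignores proxy
// headers, so it will not match the c.ClientIP() value AdminOnly stores.
// The insert is bounded by auditWriteTimeout and detached from the request
// context so a client disconnect cannot cancel the audit write; a failure is
// logged and otherwise ignored so an audit outage does not break login.
func LogLoginAttempt(db *sql.DB, rIP, rUA, username string, success bool) {
	ctx, cancel := context.WithTimeout(context.Background(), auditWriteTimeout)
	defer cancel()

	_, err := db.ExecContext(ctx,
		`INSERT INTO audit_login (username, success, ip, user_agent, timestamp) VALUES ($1, $2, $3, $4, $5)`,
		username, success, rIP, rUA, time.Now().UTC(),
	)
	if err != nil {
		logging.Info("❌ Failed to log login:", err)
	}
}

// LogSignup records a completed registration in audit_registration.
//
// All values are bound as parameters. As in LogLoginAttempt the insert is
// bounded by auditWriteTimeout on a background context, and a failure is
// logged rather than returned so the signup itself is unaffected.
//
// NOTE(review): insertRegistrationSQL uses `?` placeholders whereas the other
// statements in this file use `$N`; if one driver serves all of them, one
// form fails at execution and surfaces only as the logged error below.
func LogSignup(db *sql.DB, userID int64, username, email, ip, userAgent string) {
	ctx, cancel := context.WithTimeout(context.Background(), auditWriteTimeout)
	defer cancel()

	_, err := db.ExecContext(ctx, insertRegistrationSQL,
		userID, username, email, ip, userAgent, time.Now().UTC(),
	)
	if err != nil {
		logging.Info("❌ Failed to log registration: %v", err)
	}
}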