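// Command backend starts the monitoring API: it opens the PostgreSQL
// connection, seeds a first admin account when none exists, and serves the
// session-protected and node-key-protected routes under /api on :8080.
package main

import (
	"database/sql"
	"fmt"
	"log"
	"net/http"
	"os"

	"backend/handlers"
	"backend/repositories"

	"github.com/gin-contrib/sessions"
	"github.com/gin-contrib/sessions/cookie"
	"github.com/gin-gonic/gin"
	"github.com/jmoiron/sqlx"
	_ "github.com/lib/pq"
	"golang.org/x/crypto/bcrypt"
)

// Built-in development defaults. They are committed to source control and are
// therefore public: every deployment should override them through the
// environment variables read in SeedAdmin and main.
const (
	defaultAdminPassword = "admin"
	defaultSessionSecret = "ma_cle_secrete_super_secure"
	defaultDSN           = "host=db user=admin password=admin dbname=monitoring sslmode=disable"
)

// envOrInsecureDefault returns the value of the environment variable key, or
// fallback when the variable is unset or empty. Falling back is logged so that
// a deployment running on a committed secret is visible in the logs; the value
// itself is never logged.
func envOrInsecureDefault(key, fallback string) string {
	if v := os.Getenv(key); v != "" {
		return v
	}
	log.Printf("WARNING: %s is not set; using the built-in development default, which must not be used in production", key)
	return fallback
}

// SeedAdmin creates the initial "admin" user when the users table holds no row
// with role 'admin'. The password is taken from ADMIN_INITIAL_PASSWORD and
// falls back to the well-known default "admin" when that variable is empty.
// It returns any error from the count query, the bcrypt hashing or the insert.
//
// NOTE(review): the count and the insert are two separate statements; whether
// a unique constraint on username protects against two instances seeding at
// the same time is not visible here.
func SeedAdmin(db *sqlx.DB) error {
	var count int
	if err := db.Get(&count, "SELECT count(*) FROM users WHERE role = 'admin'"); err != nil {
		return fmt.Errorf("counting admin users: %w", err)
	}
	if count != 0 {
		return nil
	}

	password := os.Getenv("ADMIN_INITIAL_PASSWORD")
	usingDefault := password == ""
	if usingDefault {
		password = defaultAdminPassword
	}

	// The hashing error used to be discarded, which would have stored an
	// empty hash for a password bcrypt rejects (for example one that is too
	// long). Fail the seeding instead.
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("hashing initial admin password: %w", err)
	}

	if _, err := db.Exec(
		"INSERT INTO users (username, email, password_hash, role) VALUES ($1, $2, $3, $4)",
		"admin", "admin@localhost", string(hash), "admin",
	); err != nil {
		return fmt.Errorf("inserting initial admin user: %w", err)
	}

	if usingDefault {
		fmt.Println("✅ Compte admin créé (admin / admin)")
		log.Print("WARNING: the admin account was seeded with the default password; change it before exposing this service")
	} else {
		// Never echo an operator-supplied password to the logs.
		fmt.Println("✅ Compte admin créé (mot de passe défini via ADMIN_INITIAL_PASSWORD)")
	}
	return nil
}

// NodeAuthMiddleware returns a gin handler that authenticates node requests by
// the X-Node-API-Key header. A missing key, a key the repository reports as
// invalid, or a repository error all end the request with 401, so a backend
// failure never lets a request through.
//
// NOTE(review): how IsApiKeyValid stores and compares keys is not visible
// here; confirm keys are stored hashed and that there is rate limiting in
// front of this check.
func NodeAuthMiddleware(repo *repositories.NodeRepository) gin.HandlerFunc {
	return func(c *gin.Context) {
		key := c.GetHeader("X-Node-API-Key")
		if key == "" {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Clé API manquante"})
			return
		}

		valid, err := repo.IsApiKeyValid(key)
		if err != nil {
			// Record the cause for operators; the key itself is a
			// credential and is deliberately left out of the log line.
			log.Printf("node auth: API key lookup failed: %v", err)
		}
		if err != nil || !valid {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Clé API invalide"})
			return
		}

		c.Next()
	}
}

// AuthRequired rejects the request with 401 unless the session carries a
// "user_id" value.
//
// NOTE(review): only the presence of user_id is checked, not the user's role.
// Every logged-in user therefore reaches the routes behind this middleware
// (including createApiKey and deleteService) unless the handlers enforce roles
// themselves, which is not visible here.
func AuthRequired(c *gin.Context) {
	if sessions.Default(c).Get("user_id") == nil {
		c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "Veuillez vous connecter"})
		return
	}
	c.Next()
}

// main configures sessions, connects to the database, seeds the admin account
// and starts the HTTP server on :8080.
//
// Environment variables (all optional, each falls back to the previous
// hard-coded behaviour):
//
//	SESSION_SECRET          key used by the cookie session store
//	SESSION_COOKIE_SECURE   "true" to mark the session cookie Secure
//	DATABASE_DSN            PostgreSQL connection string
//	ADMIN_INITIAL_PASSWORD  password of the seeded admin (see SeedAdmin)
func main() {
	r := gin.Default()

	// The cookie store authenticates the session cookie with this key, so a
	// key that is known outside the deployment lets the cookie be forged.
	store := cookie.NewStore([]byte(envOrInsecureDefault("SESSION_SECRET", defaultSessionSecret)))
	store.Options(sessions.Options{
		Path:     "/",
		MaxAge:   3600 * 8, // eight hours
		HttpOnly: true,
		// The server below listens on plain HTTP, so Secure stays off by
		// default; set SESSION_COOKIE_SECURE=true when TLS terminates in
		// front of it so the cookie is never sent in clear text.
		Secure:   os.Getenv("SESSION_COOKIE_SECURE") == "true",
		SameSite: http.SameSiteLaxMode,
	})
	r.Use(sessions.Sessions("session_id", store))

	// The default DSN uses admin/admin and sslmode=disable (unencrypted
	// connection to the database); override it outside local development.
	dsn := envOrInsecureDefault("DATABASE_DSN", defaultDSN)
	db, err := sql.Open("postgres", dsn)
	if err != nil {
		log.Fatal(err)
	}
	if err := db.Ping(); err != nil {
		log.Fatal("Impossible de joindre la DB:", err)
	}
	dbSqlx := sqlx.NewDb(db, "postgres")

	// Seeding is best-effort: a failure is logged and the server still starts.
	if err := SeedAdmin(dbSqlx); err != nil {
		log.Printf("Erreur lors du seeding: %v", err)
	}

	nodeRepo := &repositories.NodeRepository{DB: dbSqlx}
	nodeHandler := &handlers.NodeHandler{
		Repo: nodeRepo,
	}

	api := r.Group("/api")
	{
		// Public: the only route reachable without credentials.
		api.POST("/login", nodeHandler.LoginHandler)

		// Browser/operator routes, gated by the session cookie.
		protected := api.Group("/")
		protected.Use(AuthRequired)
		{
			protected.DELETE("/deleteService", nodeHandler.HandleDeleteService)
			protected.POST("/createApiKey", nodeHandler.CreateApiKeyHandler)
			protected.GET("/retrieveNodeList", nodeHandler.HandleRetrieveNodeList)
			protected.GET("/retrieveApiKeys", nodeHandler.HandleRetrieveApiKeys)
		}

		// Machine routes, gated by the X-Node-API-Key header.
		nodes := api.Group("/")
		nodes.Use(NodeAuthMiddleware(nodeRepo))
		{
			nodes.POST("/register", nodeHandler.HandleRegisterNode)
			nodes.POST("/registerService", nodeHandler.HandleRegisterService)
			nodes.POST("/updateServiceStatus", nodeHandler.HandleUpdateServiceStatus)
		}
	}

	log.Println("Backend running on :8080")
	if err := r.Run(":8080"); err != nil {
		log.Fatalf("Erreur lors du lancement du serveur: %v", err)
	}
}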