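using System.Net;
using Flawless.Server.Models;
using Microsoft.EntityFrameworkCore;

namespace Flawless.Server.Services;

/// <summary>
/// Stores and evaluates IP allow/deny policies backed by <c>AppDbContext.IpPolicies</c>.
/// </summary>
/// <remarks>
/// Addresses are compared as strings, so every address is reduced to one canonical
/// textual form before it is stored or looked up. Without that step the same host
/// written differently (for example as an IPv4-mapped IPv6 literal) would not match
/// its blacklist entry.
/// </remarks>
public class AccessControlService(AppDbContext dbContext)
{
    /// <summary>
    /// Returns the stored addresses for the given policy type.
    /// </summary>
    /// <param name="policyType">Which list (whitelist or blacklist) to read.</param>
    /// <returns>The <c>IpAddress</c> value of every matching policy row.</returns>
    public async Task<List<string>> GetIpListAsync(IpPolicyType policyType)
    {
        return await dbContext.IpPolicies
            .Where(x => x.PolicyType == policyType)
            .Select(x => x.IpAddress)
            .ToListAsync();
    }

    /// <summary>
    /// Replaces the whole list of the given policy type with <paramref name="ips"/>.
    /// </summary>
    /// <param name="policyType">Which list to replace.</param>
    /// <param name="ips">
    /// Candidate addresses. Entries that do not parse as an IP address are dropped
    /// silently; duplicates (after canonicalisation) are stored once.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="ips"/> is null.</exception>
    public async Task UpdatePolicyAsync(IpPolicyType policyType, IEnumerable<string> ips)
    {
        ArgumentNullException.ThrowIfNull(ips);

        // Canonicalise before de-duplicating so two spellings of one address
        // collapse into a single row. Input order is preserved.
        var validIps = new List<string>();
        var seen = new HashSet<string>(StringComparer.Ordinal);
        foreach (var candidate in ips)
        {
            if (TryNormalizeIp(candidate, out var canonical) && seen.Add(canonical))
            {
                validIps.Add(canonical);
            }
        }

        // NOTE(review): invalid entries are discarded without feedback, so a typo in a
        // blacklist entry leaves that address unblocked. Consider reporting rejected
        // entries to the caller.

        // Delete the old policies of this type.
        var existing = await dbContext.IpPolicies
            .Where(x => x.PolicyType == policyType)
            .ToListAsync();
        dbContext.IpPolicies.RemoveRange(existing);

        // Add the new policies.
        var newPolicies = validIps.Select(ip => new IpPolicy
        {
            IpAddress = ip,
            PolicyType = policyType,
            CreatedAt = DateTime.UtcNow
        });
        await dbContext.IpPolicies.AddRangeAsync(newPolicies);

        // Removal and insertion are persisted by the same SaveChangesAsync call.
        await dbContext.SaveChangesAsync();
    }

    /// <summary>
    /// Decides whether a client address may access the server.
    /// </summary>
    /// <param name="ip">Client address as text.</param>
    /// <returns>
    /// <c>false</c> when <paramref name="ip"/> is not a valid address or is blacklisted;
    /// otherwise <c>true</c> when it is whitelisted or when no whitelist entries exist
    /// at all; <c>false</c> when a whitelist exists and the address is not on it.
    /// </returns>
    /// <remarks>
    /// NOTE(review): the origin of <paramref name="ip"/> is not visible here. It should be
    /// the peer address of the connection (or a value set by a trusted proxy), not a
    /// client-controlled header. TODO confirm at the call site.
    /// </remarks>
    public async Task<bool> IsIpAllowedAsync(string ip)
    {
        // Fail closed on anything that is not an IP address.
        if (!TryNormalizeIp(ip, out var canonical))
        {
            return false;
        }

        // Match the canonical form, plus the literal as given so rows written before
        // canonicalisation was introduced keep matching exactly as they did.
        // NOTE(review): legacy rows in a non-canonical spelling should be re-saved
        // through UpdatePolicyAsync so they match every spelling.
        var policyTypes = await dbContext.IpPolicies
            .Where(x => x.IpAddress == canonical || x.IpAddress == ip)
            .Select(x => x.PolicyType)
            .ToListAsync();

        // A blacklist entry always wins, even over a whitelist entry.
        if (policyTypes.Contains(IpPolicyType.Blacklist))
        {
            return false;
        }

        if (policyTypes.Contains(IpPolicyType.Whitelist))
        {
            return true;
        }

        // If any whitelist record exists the whitelist is authoritative (default deny);
        // with no whitelist at all, everything not blacklisted is allowed.
        var hasAnyWhitelist = await dbContext.IpPolicies
            .AnyAsync(x => x.PolicyType == IpPolicyType.Whitelist);

        return !hasAnyWhitelist;
    }

    /// <summary>
    /// Parses <paramref name="ip"/> and yields its canonical textual form.
    /// </summary>
    /// <param name="ip">Address text to parse.</param>
    /// <param name="normalized">
    /// On success, the parsed address rendered by <see cref="IPAddress.ToString()"/>,
    /// with IPv4-mapped IPv6 addresses folded to plain IPv4; otherwise an empty string.
    /// </param>
    /// <returns><c>true</c> when <paramref name="ip"/> parses as an IP address.</returns>
    private static bool TryNormalizeIp(string ip, out string normalized)
    {
        normalized = string.Empty;

        if (!IPAddress.TryParse(ip, out var address))
        {
            return false;
        }

        // An IPv4-mapped IPv6 literal and the plain IPv4 literal name the same host.
        if (address.IsIPv4MappedToIPv6)
        {
            address = address.MapToIPv4();
        }

        normalized = address.ToString();
        return true;
    }
}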