using System.Net;
using Flawless.Communication.Request;
using Flawless.Communication.Response;
using Flawless.Server.Models;
using Flawless.Server.Services;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace Flawless.Server.Controllers;

[ApiController, Authorize(Roles = "admin"), Route("api/admin")]
public class AdminController(
    UserManager<AppUser> userManager,
    AccessControlService accessControlService,
    AppDbContext dbContext) : ControllerBase
{
    [HttpPost("superuser/{username}")]
    public async Task<IActionResult> SetSuperuserAsync(string username, bool toSuper)
    {
        var user = await userManager.FindByNameAsync(username);
        var optUser = (await userManager.GetUserAsync(HttpContext.User))!;
        
        if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
        if (optUser == user) return BadRequest(new FailedResponse("You cannot set/unset yourself to superuser!"));
        
        user.Admin = toSuper;
        await userManager.UpdateAsync(user);
        return Ok();
    }
    
    
    [HttpGet("superuser/{username}")]
    public async Task<ActionResult<bool>> GetSuperuserAsync(string username)
    {
        var user = await userManager.FindByNameAsync(username);
        if (user == null) return BadRequest(new FailedResponse("User does not exist!"));

        return user.Admin;
    }
    
    [HttpPost("user/delete/{username}")]
    public async Task<IActionResult> DeleteUserAsync(string username)
    {
        var user = await userManager.FindByNameAsync(username);
        
        if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
        var result = await userManager.DeleteAsync(user);

        if (!result.Succeeded) return BadRequest(new FailedResponse(result.Errors));
        return Ok();
    }
    
    [HttpPost("user/enable/{username}")]
    public async Task<IActionResult> EnableUserAsync(string username)
    {
        var user = await userManager.FindByNameAsync(username);
        
        if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
        var result = await userManager.SetLockoutEnabledAsync(user, false);

        if (!result.Succeeded) return BadRequest(new FailedResponse(result.Errors));
        return Ok();
    }
    
    [HttpPost("user/disable/{username}")]
    public async Task<IActionResult> DisableUserAsync(string username)
    {
        var user = await userManager.FindByNameAsync(username);
        
        if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
        var result = await userManager.SetLockoutEnabledAsync(user, true);

        if (!result.Succeeded) return BadRequest(new FailedResponse(result.Errors));
        return Ok();
    }

    [HttpPost("user/reset_password")]
    public async Task<IActionResult> ResetPasswordAsync(ResetPasswordRequest r)
    {
        if (r.Identity == null) return BadRequest(new FailedResponse("Identity (User Id) is not set!"));
        var user = await userManager.FindByIdAsync(r.Identity);
        
        if (user == null) return BadRequest(new FailedResponse("Identity (User Id) does not exist!"));
        var resetToken = await userManager.GeneratePasswordResetTokenAsync(user);
        var result = await userManager.ResetPasswordAsync(user, resetToken, r.NewPassword);
        
        if (!result.Succeeded) return BadRequest(new FailedResponse(result.Errors));
        return Ok();
    }

    [HttpPost("access_control/ip_whitelist")]
    public async Task<IActionResult> SetIpWhitelistAsync([FromBody] string[] ips)
    {
        await accessControlService.UpdatePolicyAsync(IpPolicyType.Whitelist, ips);
        return Ok();
    }
    
    [HttpGet("access_control/ip_whitelist")]
    public async Task<ActionResult<IEnumerable<string>>> GetIpWhitelistAsync()
    {
        return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Whitelist));
    }
    
    [HttpPost("access_control/ip_blacklist")]
    public async Task<IActionResult> SetIpBlacklistAsync([FromBody] string[] ips)
    {
        await accessControlService.UpdatePolicyAsync(IpPolicyType.Blacklist, ips);
        return Ok();
    }
    
    [HttpGet("access_control/ip_blacklist")]
    public async Task<ActionResult<IEnumerable<string>>> GetIpBlacklistAsync()
    {
        return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Blacklist));
    }

    [HttpGet("logs")]
    public async Task<ActionResult<IEnumerable<LogEntryResponse>>> GetSystemLogsAsync(
        [FromQuery] DateTime? startTime = null,
        [FromQuery] DateTime? endTime = null,
        [FromQuery] LogLevel? level = null,
        [FromQuery] int page = 1,
        [FromQuery] int pageSize = 50)
    {
        var query = dbContext.SystemLogs.AsQueryable();

        // 时间过滤
        if (startTime.HasValue)
            query = query.Where(l => l.Timestamp >= startTime);
        if (endTime.HasValue)
            query = query.Where(l => l.Timestamp <= endTime);

        // 日志级别过滤
        if (level.HasValue && level.Value != LogLevel.None)
            query = query.Where(l => l.LogLevel == level.Value);

        // 分页处理
        var totalCount = await query.CountAsync();
        var results = await query
            .OrderByDescending(l => l.Timestamp)
            .Skip((page - 1) * pageSize)
            .Take(pageSize)
            .Select(l => new LogEntryResponse(
                l.Timestamp,
                l.LogLevel.ToString(),
                l.Message,
                l.Exception))
            .ToListAsync();

        return Ok(new PaginatedResponse<LogEntryResponse>(results, totalCount, page, pageSize));
    }
}