package vfs_service

import (
	"crypto/rand"
	"fmt"
	"log"
	"time"

	"git.zzyxyz.com/zzy/zzyxyz_go_api/internal/vfs/models"
	"github.com/casbin/casbin/v2"
)

type UserService struct {
	// vfs          *models.VfsService
	vfs      *models.VfsDAO
	enforcer *casbin.Enforcer
	// errorHandler *ErrorHandler
}

func NewUserService(vfs *models.VfsDAO, enforcer *casbin.Enforcer) *UserService {
	return &UserService{
		vfs:      vfs,
		enforcer: enforcer,
	}
}

func generateToken() string {
	bytes := make([]byte, 16)
	if _, err := rand.Read(bytes); err != nil {
		// fallback to time-based token
		return fmt.Sprintf("%x", time.Now().UnixNano())
	}
	return fmt.Sprintf("%x", bytes)
}

func (s *UserService) CreateUser(username string) (*string, *VFSError) {
	token := generateToken()
	// 创建用户
	err := s.vfs.CreateUser(username, token)
	if err != nil {
		return nil, &VFSError{
			Type:  ErrorTypeUserCreationFailed,
			Error: err,
		}
	}

	// 为新用户添加角色
	_, err = s.enforcer.AddRoleForUser(username, "user")
	if err != nil {
		log.Printf("Failed to add role for user %s: %v", username, err)
	}

	// 保存策略
	s.enforcer.SavePolicy()

	// 返回带有token的响应
	return &token, nil
}

func (s *UserService) DeleteUser(username string) *VFSError {
	// 删除用户
	err := s.vfs.DeleteUser(username)
	if err != nil {
		return &VFSError{
			Type:  ErrorTypeUserDeletionFailed,
			Error: err,
		}
	}

	// 从权限系统中移除用户
	// 移除用户的所有角色
	_, err = s.enforcer.DeleteRolesForUser(username)
	if err != nil {
		log.Printf("Failed to delete roles for user %s: %v", username, err)
	}

	// 保存策略
	s.enforcer.SavePolicy()

	// 成功删除返回204状态
	return nil
}