package pub

import (
	"context"
	"database/sql"
	"errors"
	"testing"
	"time"

	"perms-system-server/internal/config"
	userModel "perms-system-server/internal/model/user"
	"perms-system-server/internal/response"
	"perms-system-server/internal/svc"
	"perms-system-server/internal/testutil"
	"perms-system-server/internal/types"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
)

func newAdminCaptchaDisabledSvcCtx() *svc.ServiceContext {
	cfg := testutil.GetTestConfig()
	cfg.Capjs = config.CapjsConf{Enable: 0}
	return svc.NewServiceContext(cfg)
}

func insertSuperAdmin(t *testing.T, ctx context.Context, svcCtx *svc.ServiceContext, username, password string) (int64, func()) {
	t.Helper()
	conn := testutil.GetTestSqlConn()
	now := time.Now().Unix()
	hashed := testutil.HashPassword(password)
	res, err := svcCtx.SysUserModel.Insert(ctx, &userModel.SysUser{
		Username:           username,
		Password:           hashed,
		Nickname:           username,
		Avatar:             sql.NullString{},
		Email:              username + "@test.com",
		Phone:              "13800000000",
		Remark:             "",
		DeptId:             0,
		IsSuperAdmin:       1,
		MustChangePassword: 2,
		Status:             1,
		CreateTime:         now,
		UpdateTime:         now,
	})
	require.NoError(t, err)
	id, _ := res.LastInsertId()
	cleanup := func() {
		testutil.CleanTable(ctx, conn, "`sys_user`", id)
	}
	return id, cleanup
}

// TC-1216: cap.js 未启用 + 验证码为空
func TestAdminLogin_CaptchaDisabled_EmptyCaptcha(t *testing.T) {
	svcCtx := newAdminCaptchaDisabledSvcCtx()
	logic := NewAdminLoginLogic(context.Background(), svcCtx)

	resp, err := logic.AdminLogin(&types.AdminLoginReq{
		Username:      "admin",
		Password:      "pass",
		ManagementKey: "test-management-key",
		CaptchaId:     "",
		CaptchaCode:   "",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "验证码不能为空")
}

// TC-1217: cap.js 未启用 + 验证码错误/过期
func TestAdminLogin_CaptchaDisabled_WrongCaptcha(t *testing.T) {
	svcCtx := newAdminCaptchaDisabledSvcCtx()
	logic := NewAdminLoginLogic(context.Background(), svcCtx)

	resp, err := logic.AdminLogin(&types.AdminLoginReq{
		Username:      "admin",
		Password:      "pass",
		ManagementKey: "test-management-key",
		CaptchaId:     "bad_id",
		CaptchaCode:   "0000",
	})
	require.Nil(t, resp)
	require.Error(t, err)

	var codeErr *response.CodeError
	require.True(t, errors.As(err, &codeErr))
	assert.Equal(t, 400, codeErr.Code())
	assert.Contains(t, codeErr.Error(), "验证码错误或已过期")
}

// TC-1218: cap.js 未启用 + 验证码正确 → 超管正常登录
func TestAdminLogin_CaptchaDisabled_CorrectCaptcha(t *testing.T) {
	ctx := context.Background()
	svcCtx := newAdminCaptchaDisabledSvcCtx()
	username := testutil.UniqueId()
	password := "SuperPass123"

	_, cleanUser := insertSuperAdmin(t, ctx, svcCtx, username, password)
	t.Cleanup(cleanUser)

	captchaId := "test_admin_captcha_" + testutil.UniqueId()
	captchaCode := "4321"
	defaultCaptchaStore.Set(captchaId, captchaCode)

	logic := NewAdminLoginLogic(ctx, svcCtx)
	resp, err := logic.AdminLogin(&types.AdminLoginReq{
		Username:      username,
		Password:      password,
		ManagementKey: "test-management-key",
		CaptchaId:     captchaId,
		CaptchaCode:   captchaCode,
	})
	require.NoError(t, err)
	require.NotNil(t, resp)
	assert.NotEmpty(t, resp.AccessToken)
	assert.NotEmpty(t, resp.RefreshToken)
	assert.Equal(t, int64(1), resp.UserInfo.IsSuperAdmin)
}