package domain

import (
	"fmt"
	"strings"
	"time"

	"github.com/google/uuid"
	"gorm.io/gorm"
)

// User roles
const (
	RoleSuperAdmin  = "super_admin"  // 시스템 전역 관리자
	RoleTenantAdmin = "tenant_admin" // 테넌트 관리자
	RoleRPAdmin     = "rp_admin"     // 특정 앱(RP) 관리자
	RoleUser        = "user"         // 일반 사용자
)

// User statuses
const (
	UserStatusActive         = "active"
	UserStatusInactive       = "inactive"
	UserStatusSuspended      = "suspended"
	UserStatusLeaveOfAbsence = "leave_of_absence"
)

// NormalizeRole maps legacy/synonym role values to canonical role keys.
func NormalizeRole(role string) string {
	normalized := strings.ToLower(strings.TrimSpace(role))
	switch normalized {
	case RoleSuperAdmin, RoleTenantAdmin, RoleRPAdmin, RoleUser:
		return normalized
	case "tenant_member", "member":
		return RoleUser
	case "admin", "tenantadmin", "tenant-admin":
		return RoleTenantAdmin
	case "superadmin", "super-admin":
		return RoleSuperAdmin
	default:
		// Default any other business title (팀장, 그룹장, etc.) to a regular user.
		// These should be mapped to JobTitle or Position instead.
		return RoleUser
	}
}

// User represents the user model stored in PostgreSQL
type User struct {
	ID              string         `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
	Email           string         `gorm:"uniqueIndex;not null" json:"email"`
	PasswordHash    *string        `gorm:"column:password_hash" json:"-"`
	Name            string         `gorm:"column:name;not null" json:"name"`
	Phone           string         `gorm:"column:phone" json:"phone"`
	Role            string         `gorm:"column:role;default:'user';not null" json:"role"` // super_admin, tenant_admin, rp_admin, user
	AffiliationType string         `gorm:"column:affiliation_type" json:"affiliationType"`
	CompanyCode     string         `gorm:"column:company_code;index" json:"companyCode"`
	TenantID        *string        `gorm:"column:tenant_id;type:uuid;index" json:"tenantId,omitempty"`
	Tenant          *Tenant        `gorm:"foreignKey:TenantID" json:"tenant,omitempty"`
	RelyingPartyID  *string        `gorm:"column:relying_party_id;type:uuid;index" json:"relyingPartyId,omitempty"` // RP Admin용
	Department      string         `gorm:"column:department" json:"department"`
	Position        string         `gorm:"column:position" json:"position"`  // 직급 (예: 수석, 책임, 선임)
	JobTitle        string         `gorm:"column:job_title" json:"jobTitle"` // 직무 (예: 프론트엔드 개발, 기획)
	Metadata        JSONMap        `gorm:"column:metadata;type:jsonb" json:"metadata,omitempty"`
	Status          string         `gorm:"column:status;default:'active'" json:"status"`
	CreatedAt       time.Time      `gorm:"column:created_at" json:"createdAt"`
	UpdatedAt       time.Time      `gorm:"column:updated_at" json:"updatedAt"`
	DeletedAt       gorm.DeletedAt `gorm:"column:deleted_at;index" json:"-"`

	// Multiple identifiers support
	UserLoginIDs []UserLoginID `gorm:"foreignKey:UserID" json:"userLoginIds,omitempty"`
}

// UserLoginID represents multiple custom identifiers for a user
type UserLoginID struct {
	ID       string `gorm:"primaryKey;type:uuid;default:gen_random_uuid()" json:"id"`
	UserID   string `gorm:"type:uuid;not null;index" json:"userId"`
	TenantID string `gorm:"type:uuid;not null;index" json:"tenantId"` // 발급 테넌트
	FieldKey string `gorm:"not null" json:"fieldKey"`                 // 스키마 필드 키 (예: emp_id)
	LoginID  string `gorm:"uniqueIndex;not null" json:"loginId"`      // 실제 값 (예: EMP001)
}

// BeforeCreate hook to generate UUID if not present
func (u *User) BeforeCreate(tx *gorm.DB) (err error) {
	if u.ID == "" {
		u.ID = uuid.New().String()
	}
	return
}

// ValidateLoginID checks if the loginID violates any collision, length, or security rules.
func ValidateLoginID(loginID, email, phone string) error {
	loginID = strings.TrimSpace(loginID)
	if loginID == "" {
		return nil
	}

	if len(loginID) < 4 || len(loginID) > 30 {
		return fmt.Errorf("ID must be between 4 and 30 characters")
	}

	if strings.Contains(loginID, "@") {
		return fmt.Errorf("ID cannot be an email format")
	}

	if email != "" && strings.EqualFold(loginID, email) {
		return fmt.Errorf("ID cannot be the same as the email address")
	}

	if phone != "" {
		normalizedPhone := strings.ReplaceAll(phone, "-", "")
		normalizedPhone = strings.ReplaceAll(normalizedPhone, " ", "")
		if strings.HasPrefix(normalizedPhone, "010") {
			normalizedPhone = "+82" + normalizedPhone[1:]
		} else if strings.HasPrefix(normalizedPhone, "82") {
			normalizedPhone = "+" + normalizedPhone
		}

		if loginID == phone || loginID == normalizedPhone {
			return fmt.Errorf("ID cannot be the same as the phone number")
		}
	}

	isPureNumber := true
	loginIDDigits := strings.ReplaceAll(loginID, "-", "")
	loginIDDigits = strings.ReplaceAll(loginIDDigits, " ", "")
	for _, c := range loginIDDigits {
		if (c < '0' || c > '9') && c != '+' {
			isPureNumber = false
			break
		}
	}

	if isPureNumber && len(loginIDDigits) >= 10 && len(loginIDDigits) <= 12 {
		if strings.HasPrefix(loginIDDigits, "010") || strings.HasPrefix(loginIDDigits, "82") || strings.HasPrefix(loginIDDigits, "+82") {
			return fmt.Errorf("ID cannot be a phone number format")
		}
	}

	reserved := []string{"admin", "system", "root", "master", "superuser", "guest", "operator"}
	lowerID := strings.ToLower(loginID)
	for _, r := range reserved {
		if lowerID == r {
			return fmt.Errorf("reserved ID cannot be used")
		}
	}

	return nil
}