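using Fengling.AuthService.DTOs;
using Fengling.AuthService.Models;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using OpenIddict.Abstractions;
using OpenIddict.Server.AspNetCore;
using System.Security.Claims;
using static OpenIddict.Abstractions.OpenIddictConstants;

namespace Fengling.AuthService.Controllers;

/// <summary>
/// Password login endpoint for tenant-scoped users.
/// </summary>
[ApiController]
[Route("api/[controller]")]
public class AuthController : ControllerBase
{
    // One failure message for every login failure path: the response body must not let a
    // caller distinguish "no such user" from "wrong tenant" from "wrong password".
    private const string LoginFailedMessage = "用户名或密码错误";

    private readonly SignInManager<ApplicationUser> _signInManager;
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IOpenIddictApplicationManager _applicationManager;
    private readonly IOpenIddictAuthorizationManager _authorizationManager;
    private readonly IOpenIddictScopeManager _scopeManager;
    private readonly ILogger<AuthController> _logger;

    /// <summary>
    /// Wires the Identity and OpenIddict services this controller depends on.
    /// </summary>
    public AuthController(
        SignInManager<ApplicationUser> signInManager,
        UserManager<ApplicationUser> userManager,
        IOpenIddictApplicationManager applicationManager,
        IOpenIddictAuthorizationManager authorizationManager,
        IOpenIddictScopeManager scopeManager,
        ILogger<AuthController> logger)
    {
        _signInManager = signInManager;
        _userManager = userManager;
        _applicationManager = applicationManager;
        _authorizationManager = authorizationManager;
        _scopeManager = scopeManager;
        _logger = logger;
    }

    /// <summary>
    /// Verifies a user name / password pair for the tenant named in the request.
    /// </summary>
    /// <param name="request">User name, password and the tenant the caller claims to belong to.</param>
    /// <returns>
    /// 200 with a <see cref="LoginResponse"/> on success; 401 with a single generic error for
    /// every failure (unknown or deleted user, tenant mismatch, bad password, locked-out account).
    /// </returns>
    [HttpPost("login")]
    public async Task<IActionResult> Login([FromBody] LoginRequest request)
    {
        var user = await _userManager.FindByNameAsync(request.UserName);
        if (user is null || user.IsDeleted)
        {
            // Log the detail for operators; the client only sees the generic message.
            _logger.LogWarning("Login failed: unknown or deleted user {UserName}", request.UserName);
            return LoginFailed();
        }

        if (user.TenantId != request.TenantId)
        {
            _logger.LogWarning("Login failed: user {UserId} does not belong to tenant {TenantId}",
                user.Id, request.TenantId);
            return LoginFailed();
        }

        // lockoutOnFailure: true lets Identity count this attempt against the user's lockout
        // threshold (it only takes effect when lockout is enabled for the user). A locked-out
        // user fails with Succeeded == false and receives the same generic response.
        var result = await _signInManager.CheckPasswordSignInAsync(user, request.Password, lockoutOnFailure: true);
        if (!result.Succeeded)
        {
            _logger.LogWarning("Login failed for user {UserId}: {Result}", user.Id, result);
            return LoginFailed();
        }

        var token = await GenerateTokenAsync(user);
        return Ok(token);
    }

    // Every failure path answers with the same status and body so the response does not reveal
    // whether the user name or tenant exists. Response timing still differs between the paths;
    // that is a known residual this endpoint does not try to hide.
    private IActionResult LoginFailed() => Unauthorized(new { error = LoginFailedMessage });

    /// <summary>
    /// Builds the claim set for <paramref name="user"/> and returns the login response.
    /// </summary>
    /// <remarks>
    /// The claims are assembled but not yet signed into a token: the returned
    /// <see cref="LoginResponse"/> carries fixed placeholder strings, so this endpoint issues
    /// no usable credential until real token generation is wired in.
    /// </remarks>
    private async Task<LoginResponse> GenerateTokenAsync(ApplicationUser user)
    {
        var claims = new List<Claim>
        {
            new(Claims.Subject, user.Id.ToString()),
            new(Claims.Name, user.UserName ?? string.Empty),
            new(Claims.Email, user.Email ?? string.Empty),
            new("tenant_id", user.TenantId.ToString()),
        };

        var roles = await _userManager.GetRolesAsync(user);
        foreach (var role in roles)
        {
            claims.Add(new Claim(Claims.Role, role));
        }

        // TODO: sign `claims` into a real access/refresh token pair. Until then the values
        // below are placeholders and must not be treated as credentials by any caller.
        return new LoginResponse
        {
            AccessToken = "token-placeholder",
            RefreshToken = "refresh-placeholder",
            ExpiresIn = 3600,
            TokenType = "Bearer",
        };
    }
}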