package incheon.com.security.web;

import incheon.com.security.mapper.SecurityUserMapper;
import incheon.com.security.service.SecurityUserService;
import incheon.com.security.vo.LoginVO;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.*;

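/**
 * REST API controller that switches the current HTTP session to another user
 * (user impersonation).
 *
 * <p>A successful switch invalidates the caller's existing session and stores the
 * target user's {@link LoginVO} in a freshly created session under the
 * {@value #LOGIN_VO_ATTR} attribute; issuing a new session on login also mitigates
 * session fixation. The identity held in the old session is captured before it is
 * invalidated so that the audit log records who performed the switch, not only who
 * was switched to.
 */
@Tag(name = "사용자 전환", description = "사용자 전환 API")
@Slf4j
@RestController
@RequestMapping("/api/v1/security")
@RequiredArgsConstructor
public class SecurityUserSwitchApiController {

    private final SecurityUserMapper securityUserMapper;
    private final SecurityUserService securityUserService;

    /** Session attribute key under which the logged-in user's {@link LoginVO} is kept. */
    private static final String LOGIN_VO_ATTR = "loginVO";

    /**
     * Role codes a target user must hold for the switch to be permitted (checked by
     * {@code SecurityUserMapper#countImpersonationPermission}). Wrapped unmodifiable so
     * the list handed to the mapper cannot be altered by any caller.
     */
    private static final List<String> ALLOWED_ROLE_CDS = Collections.unmodifiableList(
            Arrays.asList("UAT001", "UAT006", "UAT007", "UAT008")
    );

    /**
     * Switches the current session to {@code targetUserId} (POST).
     *
     * @param targetUserId id of the user to switch to; must hold one of {@link #ALLOWED_ROLE_CDS}
     * @param request      current request, used to replace the HTTP session
     * @return 200 with {@code success=true} on success; 403 when the target user lacks an
     *         allowed role; 400 when the target user cannot be loaded; 500 on any
     *         unexpected error (details go to the log only, never to the client)
     */
    @Operation(summary = "사용자 전환 (POST)", description = "다른 사용자로 전환합니다")
    @PostMapping("/switchUser")
    public ResponseEntity<Map<String, Object>> switchUser(
            @Parameter(description = "전환할 사용자 ID", required = true)
            @RequestParam("targetUserId") String targetUserId,
            HttpServletRequest request) {

        try {
            log.info("사용자 전환: {}", targetUserId);

            // 1. Permission check: the TARGET must hold an allowed role.
            // NOTE(review): nothing in this controller verifies that the CALLER is
            // entitled to impersonate anyone; that presumably happens in an upstream
            // filter/interceptor — confirm, since otherwise any session holder (or an
            // unauthenticated request, if no filter guards this path) could switch.
            int count = securityUserMapper.countImpersonationPermission(targetUserId, ALLOWED_ROLE_CDS);
            if (count == 0) {
                return failure(HttpStatus.FORBIDDEN, "해당 사용자는 전환 권한이 없습니다.");
            }

            // 2. Load the target user together with its authorities.
            LoginVO targetUser = securityUserService.getUserWithAuthrts(targetUserId);
            if (targetUser == null) {
                return failure(HttpStatus.BAD_REQUEST, "사용자를 찾을 수 없습니다.");
            }

            // 3. Capture who is switching BEFORE the old session (and its attributes)
            //    is destroyed, then log out.
            String fromUserNm = null;
            HttpSession session = request.getSession(false);
            if (session != null) {
                Object current = session.getAttribute(LOGIN_VO_ATTR);
                if (current instanceof LoginVO) {
                    fromUserNm = ((LoginVO) current).getUserNm();
                }
                session.invalidate();
            }

            // 4. Log in as the target in a brand-new session.
            HttpSession newSession = request.getSession(true);
            targetUser.setLoginTime(new Date());
            newSession.setAttribute(LOGIN_VO_ATTR, targetUser);

            // Audit trail: record both ends of the switch (from is null when there was
            // no prior session).
            log.info("사용자 전환 성공: {} (from: {})", targetUser.getUserNm(), fromUserNm);

            Map<String, Object> response = new HashMap<>();
            response.put("success", true);
            response.put("message", "사용자가 전환되었습니다.");
            return ResponseEntity.ok(response);

        } catch (Exception e) {
            // Boundary catch: log the full cause server-side, return a generic message
            // so that no internal detail reaches the client.
            log.error("[사용자 전환 실패]", e);
            return failure(HttpStatus.INTERNAL_SERVER_ERROR, "오류가 발생했습니다.");
        }
    }

    /**
     * Builds a {@code success=false} response body with the given status and message.
     *
     * @param status  HTTP status to return
     * @param message user-facing message placed under the {@code "message"} key
     * @return the error response entity
     */
    private static ResponseEntity<Map<String, Object>> failure(HttpStatus status, String message) {
        Map<String, Object> body = new HashMap<>();
        body.put("success", false);
        body.put("message", message);
        return ResponseEntity.status(status).body(body);
    }
}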
