package repository

import (
	"context"
	"database/sql"
	"errors"

	"code.nochebuena.dev/go/rbac"
	"code.nochebuena.dev/go/sqlite"
	"code.nochebuena.dev/go/xerrors"
	"code.nochebuena.dev/go/todo-api/internal/domain"
)

// UserRepository defines persistence operations for users and their role bits.
type UserRepository interface {
	FindAll(ctx context.Context) ([]domain.User, error)
	FindByID(ctx context.Context, id string) (domain.User, error)
	Create(ctx context.Context, user domain.User) (domain.User, error)
	SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error
}

type userRepository struct {
	db sqlite.Client
}

// NewUserRepository returns a SQLite-backed UserRepository.
func NewUserRepository(db sqlite.Client) UserRepository {
	return &userRepository{db: db}
}

func (r *userRepository) FindAll(ctx context.Context) ([]domain.User, error) {
	rows, err := r.db.GetExecutor(ctx).QueryContext(ctx,
		`SELECT id, name, email, created_at FROM users ORDER BY created_at DESC`,
	)
	if err != nil {
		return nil, r.db.HandleError(err)
	}
	defer rows.Close()

	var users []domain.User
	for rows.Next() {
		var u domain.User
		if err := rows.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
			return nil, err
		}
		users = append(users, u)
	}
	if err := rows.Err(); err != nil {
		return nil, err
	}
	if users == nil {
		users = []domain.User{}
	}
	return users, nil
}

func (r *userRepository) FindByID(ctx context.Context, id string) (domain.User, error) {
	row := r.db.GetExecutor(ctx).QueryRowContext(ctx,
		`SELECT id, name, email, created_at FROM users WHERE id = ?`, id,
	)
	var u domain.User
	if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
		if errors.Is(err, sql.ErrNoRows) {
			return domain.User{}, xerrors.New(xerrors.ErrNotFound, "user not found")
		}
		return domain.User{}, r.db.HandleError(err)
	}
	return u, nil
}

func (r *userRepository) Create(ctx context.Context, user domain.User) (domain.User, error) {
	row := r.db.GetExecutor(ctx).QueryRowContext(ctx,
		`INSERT INTO users (id, name, email) VALUES (?, ?, ?)
		 RETURNING id, name, email, created_at`,
		user.ID, user.Name, user.Email,
	)
	var u domain.User
	if err := row.Scan(&u.ID, &u.Name, &u.Email, &u.CreatedAt); err != nil {
		return domain.User{}, r.db.HandleError(err)
	}
	return u, nil
}

func (r *userRepository) SetPermissions(ctx context.Context, userID, resource string, mask rbac.PermissionMask) error {
	_, err := r.db.GetExecutor(ctx).ExecContext(ctx,
		`INSERT INTO user_role (user_id, resource, permissions) VALUES (?, ?, ?)
		 ON CONFLICT (user_id, resource) DO UPDATE SET permissions = excluded.permissions`,
		userID, resource, int64(mask),
	)
	return err
}