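/*
 * Authentication service for basic PoC login.
 *
 * Provides simple username/password verification:
 * - Admin: credentials stored in admin_credentials table
 * - User: email/password stored in admin_users table
 *
 * Note: This is a proof-of-concept implementation without advanced security
 * features like password hashing, rate limiting, or JWT tokens. Both lookups
 * below let the database compare the submitted password against the stored
 * column by plain SQL equality, so the tables must hold the clear-text value
 * the client sends. Do not deploy this as-is.
 */
import { query } from '../db/pool.js';

/**
 * Check that one credential component is a non-empty string.
 *
 * Credentials normally arrive straight from a parsed request body, where the
 * client chooses the JSON type. Anything that is not a string is rejected
 * before it reaches the query layer: it can never match a stored credential,
 * and some drivers format non-string placeholder values (objects, arrays)
 * into SQL fragments rather than literals, which would alter the WHERE clause.
 * @param {unknown} value - Candidate credential
 * @returns {boolean} true when value is a string with at least one character
 */
function isCredentialString(value) {
  return typeof value === 'string' && value.length > 0;
}

/**
 * Verify admin credentials against admin_credentials table.
 *
 * The stored password is compared in clear text by the database
 * (`password = ?`). Non-string or empty inputs fail fast without a query.
 * @param {string} username - Admin username
 * @param {string} password - Admin password (plain text for PoC)
 * @returns {Promise<{valid: boolean, admin?: object}>} `admin` carries id,
 *   username and a fixed role of 'admin' when the lookup matches
 */
export async function verifyAdminCredentials(username, password) {
  if (!isCredentialString(username) || !isCredentialString(password)) {
    return { valid: false };
  }
  const rows = await query(
    'SELECT id, username FROM admin_credentials WHERE username = ? AND password = ? LIMIT 1',
    [username, password]
  );
  if (rows.length === 0) {
    return { valid: false };
  }
  const [admin] = rows;
  return {
    valid: true,
    admin: { id: admin.id, username: admin.username, role: 'admin' }
  };
}

/**
 * Verify user credentials against admin_users table.
 *
 * Despite the column name, `password_hash` is compared directly against the
 * submitted plain-text password here; nothing in this module hashes.
 * Non-string or empty inputs fail fast without a query.
 * @param {string} email - User email
 * @param {string} password - User password (stored in password_hash column)
 * @returns {Promise<{valid: boolean, user?: object}>} `user` carries the
 *   selected profile columns (id, email, name, familyName, company, role)
 */
export async function verifyUserCredentials(email, password) {
  if (!isCredentialString(email) || !isCredentialString(password)) {
    return { valid: false };
  }
  const rows = await query(
    `SELECT id, email, name, family_name AS familyName, company, role FROM admin_users WHERE email = ? AND password_hash = ? LIMIT 1`,
    [email, password]
  );
  if (rows.length === 0) {
    return { valid: false };
  }
  const { id, email: userEmail, name, familyName, company, role } = rows[0];
  return {
    valid: true,
    user: { id, email: userEmail, name, familyName, company, role }
  };
}

/**
 * Generate a simple session token (for PoC, just a random string).
 * In production, use proper JWT or secure session management.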
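/* Session tokens and the in-memory session store (PoC only). */
import { randomBytes } from 'node:crypto';

/** Sessions are dropped once they are older than this (absolute lifetime). */
const SESSION_MAX_AGE_MS = 24 * 60 * 60 * 1000; // 24 hours

/**
 * Generate a session token.
 *
 * The token is the bearer credential for a session, so it must be
 * unguessable: 32 bytes from the OS CSPRNG, hex-encoded (64 chars, safe in
 * cookies and headers). `Math.random()` is not suitable here — its output is
 * predictable, and an attacker who observes a few tokens could forge others.
 * In production, use proper JWT or secure session management on top of this.
 * @returns {string} 64 lowercase hex characters, fresh on every call
 */
export function generateSessionToken() {
  return randomBytes(32).toString('hex');
}

/* In-memory session store (for PoC only - not suitable for production):
 * lost on restart and not shared between processes. */
const sessions = new Map();

/**
 * Create a session for an authenticated user/admin.
 *
 * `createdAt` is assigned after spreading `data`, so a caller (or a client
 * whose payload ends up in `data`) cannot supply its own creation time and
 * extend the session lifetime.
 * @param {string} token - Token from generateSessionToken()
 * @param {object} data - Session payload (e.g. the admin/user object)
 */
export function createSession(token, data) {
  sessions.set(token, { ...data, createdAt: Date.now() });
}

/**
 * Get session data by token.
 *
 * Raw lookup only: it does NOT check expiry. Use validateSession() on any
 * request path that grants access; this is for inspection and cleanup.
 * @param {string} token - Session token
 * @returns {object|null} Stored session record, or null when unknown
 */
export function getSession(token) {
  return sessions.get(token) ?? null;
}

/**
 * Remove a session (logout).
 * @param {string} token - Session token; unknown tokens are ignored
 */
export function removeSession(token) {
  sessions.delete(token);
}

/**
 * Validate session is still valid (exists and not expired).
 *
 * Sessions expire SESSION_MAX_AGE_MS after creation. An expired record is
 * deleted on the way out so it cannot be revived by a later lookup.
 * @param {string} token - Session token
 * @returns {object|null} The session record, or null if unknown or expired
 */
export function validateSession(token) {
  const session = sessions.get(token);
  if (!session) return null;
  if (Date.now() - session.createdAt > SESSION_MAX_AGE_MS) {
    sessions.delete(token);
    return null;
  }
  return session;
}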