using Microsoft.AspNetCore.DataProtection;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
using OTSSignsOrchestrator.Core.Models.Entities;

namespace OTSSignsOrchestrator.Core.Data;

public class XiboContext : DbContext
{
    private readonly IDataProtectionProvider? _dataProtection;

    public XiboContext(DbContextOptions<XiboContext> options, IDataProtectionProvider? dataProtection = null)
        : base(options)
    {
        _dataProtection = dataProtection;
    }

    public DbSet<CmsInstance> CmsInstances => Set<CmsInstance>();
    public DbSet<SshHost> SshHosts => Set<SshHost>();
    public DbSet<SecretMetadata> SecretMetadata => Set<SecretMetadata>();
    public DbSet<OperationLog> OperationLogs => Set<OperationLog>();
    public DbSet<AppSetting> AppSettings => Set<AppSetting>();

    protected override void OnModelCreating(ModelBuilder modelBuilder)
    {
        base.OnModelCreating(modelBuilder);

        // --- CmsInstance ---
        modelBuilder.Entity<CmsInstance>(entity =>
        {
            entity.HasIndex(e => e.StackName).IsUnique();
            entity.HasIndex(e => e.CustomerName);
            entity.HasQueryFilter(e => e.DeletedAt == null);

            entity.HasOne(e => e.SshHost)
                .WithMany(h => h.Instances)
                .HasForeignKey(e => e.SshHostId)
                .OnDelete(DeleteBehavior.SetNull);

            if (_dataProtection != null)
            {
                var protector = _dataProtection.CreateProtector("OTSSignsOrchestrator.CmsInstance");
                var pwdConverter = new ValueConverter<string?, string?>(
                    v => v != null ? protector.Protect(v) : null,
                    v => v != null ? protector.Unprotect(v) : null);

                entity.Property(e => e.XiboPassword).HasConversion(pwdConverter);
                entity.Property(e => e.XiboUsername).HasConversion(pwdConverter);
                entity.Property(e => e.TemplateRepoPat).HasConversion(pwdConverter);
                entity.Property(e => e.CifsPassword).HasConversion(pwdConverter);
            }
        });

        // --- SshHost ---
        modelBuilder.Entity<SshHost>(entity =>
        {
            entity.HasIndex(e => e.Label).IsUnique();

            if (_dataProtection != null)
            {
                var protector = _dataProtection.CreateProtector("OTSSignsOrchestrator.SshHost");
                var passphraseConverter = new ValueConverter<string?, string?>(
                    v => v != null ? protector.Protect(v) : null,
                    v => v != null ? protector.Unprotect(v) : null);
                var passwordConverter = new ValueConverter<string?, string?>(
                    v => v != null ? protector.Protect(v) : null,
                    v => v != null ? protector.Unprotect(v) : null);

                entity.Property(e => e.KeyPassphrase).HasConversion(passphraseConverter);
                entity.Property(e => e.Password).HasConversion(passwordConverter);
            }
        });

        // --- SecretMetadata ---
        modelBuilder.Entity<SecretMetadata>(entity =>
        {
            entity.HasIndex(e => e.Name).IsUnique();
        });

        // --- OperationLog ---
        modelBuilder.Entity<OperationLog>(entity =>
        {
            entity.HasIndex(e => e.Timestamp);
            entity.HasIndex(e => e.InstanceId);
            entity.HasIndex(e => e.Operation);
        });

        // --- AppSetting ---
        modelBuilder.Entity<AppSetting>(entity =>
        {
            entity.HasKey(e => e.Key);
            entity.HasIndex(e => e.Category);
        });
    }
}