using AMREZ.EOP.Domain.Entities.Authentications;
using AMREZ.EOP.Domain.Shared._Users;

namespace AMREZ.EOP.Abstractions.Infrastructures.Repositories;

public interface IUserRepository
{
    // ===== Users/Identities/Password/MFA (ของเดิม) =====
    Task<User?> FindByIdAsync(Guid userId, CancellationToken ct = default);
    Task<User?> FindActiveByEmailAsync(string email, CancellationToken ct = default);
    Task<bool>  EmailExistsAsync(string email, CancellationToken ct = default);
    Task AddAsync(User user, CancellationToken ct = default);

    Task AddIdentityAsync(Guid userId, IdentityType type, string identifier, bool isPrimary, CancellationToken ct = default);
    Task VerifyIdentityAsync(Guid userId, IdentityType type, string identifier, DateTimeOffset verifiedAt, CancellationToken ct = default);
    Task<UserIdentity?> GetPrimaryIdentityAsync(Guid userId, IdentityType type, CancellationToken ct = default);

    Task ChangePasswordAsync(Guid userId, string newPasswordHash, CancellationToken ct = default);
    Task AddPasswordHistoryAsync(Guid userId, string passwordHash, CancellationToken ct = default);

    Task<UserMfaFactor> AddTotpFactorAsync(Guid userId, string label, string secret, CancellationToken ct = default);
    Task DisableMfaFactorAsync(Guid factorId, CancellationToken ct = default);
    Task<bool> HasAnyMfaAsync(Guid userId, CancellationToken ct = default);

    // ===== Sessions (เก็บ refresh ไว้ใน session) =====
    Task<UserSession> CreateSessionAsync(UserSession session, CancellationToken ct = default);
    Task<UserSession?> FindSessionByRefreshHashAsync(Guid tenantId, string refreshTokenHash, CancellationToken ct = default);
    Task<bool> RotateSessionRefreshAsync(Guid tenantId, Guid sessionId, string newRefreshTokenHash, DateTimeOffset newIssuedAt, DateTimeOffset? newExpiresAt, CancellationToken ct = default);
    Task<int> RevokeSessionAsync(Guid userId, Guid sessionId, CancellationToken ct = default);
    Task<int> RevokeAllSessionsAsync(Guid userId, CancellationToken ct = default);
    Task<bool> IsSessionActiveAsync(Guid userId, Guid sessionId, CancellationToken ct = default);

    // ===== Kill switches / stamps (ใช้สำหรับ revoke-all ระดับ tenant/user) =====
    Task<string>  GetTenantTokenVersionAsync(Guid tenantId, CancellationToken ct = default);
    Task BumpTenantTokenVersionAsync(Guid tenantId, CancellationToken ct = default);
    Task<string?> GetUserSecurityStampAsync(Guid userId, CancellationToken ct = default);
    Task BumpUserSecurityStampAsync(Guid userId, CancellationToken ct = default);
}