using System.Data;
using AMREZ.EOP.Abstractions.Applications.Tenancy;
using AMREZ.EOP.Abstractions.Applications.UseCases.Authentications;
using AMREZ.EOP.Abstractions.Infrastructures.Common;
using AMREZ.EOP.Abstractions.Infrastructures.Repositories;
using AMREZ.EOP.Abstractions.Security;
using AMREZ.EOP.Contracts.DTOs.Authentications.Login;
using AMREZ.EOP.Domain.Entities.Authentications;
using Microsoft.AspNetCore.Http;

namespace AMREZ.EOP.Application.UseCases.Authentications
{
    public sealed class LoginUseCase : ILoginUseCase
    {
        private readonly ITenantResolver _tenantResolver;
        private readonly IUserRepository _users;
        private readonly ITenantRepository _tenants;
        private readonly IPasswordHasher _hasher;
        private readonly IHttpContextAccessor _http;
        private readonly IUnitOfWork _uow;

        public LoginUseCase(
            ITenantResolver tenantResolver,
            IUserRepository users,
            ITenantRepository tenants,
            IPasswordHasher hasher,
            IHttpContextAccessor http,
            IUnitOfWork uow)
        {
            _tenantResolver = tenantResolver;
            _users = users;
            _tenants = tenants;          
            _hasher = hasher;
            _http = http;
            _uow = uow;
        }

        public async Task<LoginResponse?> ExecuteAsync(LoginRequest request, CancellationToken ct = default)
        {
            var http = _http.HttpContext ?? throw new InvalidOperationException("No HttpContext");

            var platform = _tenantResolver.Resolve(http, "@platform");
            if (platform is null) return null;

            var email = request.Email.Trim().ToLowerInvariant();

            await _uow.BeginAsync(platform, IsolationLevel.ReadCommitted, ct);
            try
            {
                var user = await _users.FindActiveByEmailAsync(email, ct);
                if (user is null || !_hasher.Verify(request.Password, user.PasswordHash))
                {
                    await _uow.RollbackAsync(ct);
                    return null;
                }

                var tenantKey = await _tenants.GetTenantKeyByTenantIdAsync(user.TenantId, ct);
                if (string.IsNullOrWhiteSpace(tenantKey))
                {
                    await _uow.RollbackAsync(ct);
                    return null;
                }

                var roles = (user.UserRoles ?? Enumerable.Empty<UserRole>())
                    .Where(ur => ur.Role != null /*&& ur.Role.TenantId == user.TenantId*/) // ถ้า Role เป็น per-tenant ค่อยกรอง
                    .Select(ur => ur.Role!.Code)
                    .Distinct(StringComparer.OrdinalIgnoreCase)
                    .ToArray();

                await _uow.CommitAsync(ct);

                return new LoginResponse(user.Id, user.TenantId, email, tenantKey, roles);
            }
            catch
            {
                await _uow.RollbackAsync(ct);
                throw;
            }
        }
    }
}