"use server";

import {auth} from "@/auth";
import {prisma} from "@/lib/db/prisma";
import {logAudit} from "@/lib/audit/log";
import {revalidatePath} from "next/cache";
import {z} from "zod";

export type ActionResult = {success: boolean; error?: string; id?: string};

// ─────────────────────────────────────────────────────────
// Create Tenant
// ─────────────────────────────────────────────────────────
const createTenantSchema = z.object({
  name: z.string().min(2),
  slug: z
    .string()
    .min(2)
    .regex(/^[a-z0-9-]+$/, "Only lowercase letters, numbers and hyphens"),
  email: z.string().email(),
  phone: z.string().optional(),
  country: z.string().optional(),
  city: z.string().optional(),
  currency: z.string().default("USD"),
  adminFirstName: z.string().min(1),
  adminLastName: z.string().min(1),
  adminEmail: z.string().email(),
  adminPassword: z.string().min(8)
});

export async function createTenant(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user?.id || session.user.platformRole !== "SUPER_ADMIN") {
    return {success: false, error: "Unauthorized"};
  }

  const raw = Object.fromEntries(formData.entries());
  const parsed = createTenantSchema.safeParse(raw);
  if (!parsed.success) {
    return {success: false, error: parsed.error.issues[0]?.message ?? "Validation error"};
  }

  const d = parsed.data;

  // Check slug uniqueness
  const existing = await prisma.tenant.findUnique({where: {slug: d.slug}});
  if (existing) return {success: false, error: "Slug already taken"};

  try {
    // Hash password
    const bcrypt = await import("bcrypt");
    const passwordHash = await bcrypt.hash(d.adminPassword, 12);

    // Upsert admin user
    let adminUser = await prisma.user.findUnique({where: {email: d.adminEmail.toLowerCase()}});
    if (!adminUser) {
      adminUser = await prisma.user.create({
        data: {
          email: d.adminEmail.toLowerCase(),
          firstName: d.adminFirstName,
          lastName: d.adminLastName,
          name: `${d.adminFirstName} ${d.adminLastName}`,
          passwordHash,
          status: "ACTIVE"
        }
      });
    }

    const tenant = await prisma.tenant.create({
      data: {
        name: d.name,
        slug: d.slug,
        email: d.email,
        phone: d.phone ?? null,
        country: d.country ?? null,
        city: d.city ?? null,
        currency: d.currency as never,
        status: "TRIAL",
        supportedLanguages: ["EN", "AR"],
        settings: {
          create: {
            bookingRequiresApproval: true
          }
        },
        memberships: {
          create: {
            userId: adminUser.id,
            role: "COMPANY_ADMIN",
            isDefault: true
          }
        }
      }
    });

    await logAudit({
      action: "CREATE",
      entityType: "Tenant",
      entityId: tenant.id,
      userId: session.user.id,
      newValues: {name: d.name, slug: d.slug, email: d.email}
    });

    revalidatePath("/super-admin/tenants");
    return {success: true, id: tenant.id};
  } catch (err: unknown) {
    const message = err instanceof Error ? err.message : "Unknown error";
    return {success: false, error: "Failed to create tenant: " + message};
  }
}

// ─────────────────────────────────────────────────────────
// Toggle Tenant Status
// ─────────────────────────────────────────────────────────
export async function toggleTenantStatus(tenantId: string, newStatus: "ACTIVE" | "SUSPENDED"): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user?.id || session.user.platformRole !== "SUPER_ADMIN") {
    return {success: false, error: "Unauthorized"};
  }

  try {
    const old = await prisma.tenant.findUnique({where: {id: tenantId}, select: {status: true}});
    await prisma.tenant.update({where: {id: tenantId}, data: {status: newStatus}});

    await logAudit({
      action: "STATUS_CHANGE",
      entityType: "Tenant",
      entityId: tenantId,
      userId: session.user.id,
      oldValues: {status: old?.status},
      newValues: {status: newStatus}
    });

    revalidatePath("/super-admin/tenants");
    return {success: true};
  } catch {
    return {success: false, error: "Failed to update tenant status"};
  }
}

// ─────────────────────────────────────────────────────────
// Update Platform Settings
// ─────────────────────────────────────────────────────────
export async function updatePlatformSettings(formData: FormData): Promise<ActionResult> {
  const session = await auth();
  if (!session?.user?.id || session.user.platformRole !== "SUPER_ADMIN") {
    return {success: false, error: "Unauthorized"};
  }

  const platformName = formData.get("platformName") as string;
  const contactEmail = formData.get("contactEmail") as string;
  const contactPhone = (formData.get("contactPhone") as string) || null;
  const timezone = (formData.get("timezone") as string) || "UTC";
  const maintenanceMode = formData.get("maintenanceMode") === "on";

  if (!platformName || !contactEmail) {
    return {success: false, error: "Platform name and contact email are required"};
  }

  try {
    const existing = await prisma.platformSetting.findFirst();
    if (existing) {
      await prisma.platformSetting.update({
        where: {id: existing.id},
        data: {platformName, contactEmail, contactPhone, timezone, maintenanceMode}
      });
    } else {
      await prisma.platformSetting.create({
        data: {
          platformName,
          contactEmail,
          contactPhone,
          timezone,
          maintenanceMode,
          supportedLanguages: ["EN", "AR"]
        }
      });
    }

    revalidatePath("/super-admin/settings");
    return {success: true};
  } catch {
    return {success: false, error: "Failed to save settings"};
  }
}