using line_gestao_api.Models;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;

namespace line_gestao_api.Controllers;

[ApiController]
[Route("dev")]
public class DevController : ControllerBase
{
    private readonly UserManager<ApplicationUser> _userManager;
    private readonly IConfiguration _config;
    private readonly IWebHostEnvironment _env;

    public DevController(
        UserManager<ApplicationUser> userManager,
        IConfiguration config,
        IWebHostEnvironment env)
    {
        _userManager = userManager;
        _config = config;
        _env = env;
    }

    /// <summary>
    /// Reseta a senha do admin seeded (somente em Development).
    /// </summary>
    [HttpPost("reset-admin-password")]
    public async Task<IActionResult> ResetAdminPassword()
    {
        // 🔒 Proteção: só funciona em Development
        if (!_env.IsDevelopment())
            return NotFound();

        var email = (_config["Seed:AdminEmail"] ?? "admin@linegestao.local").Trim().ToLowerInvariant();
        var newPassword = _config["Seed:AdminPassword"] ?? "Admin123!";

        var normalizedEmail = _userManager.NormalizeEmail(email);

        var user = await _userManager.Users
            .FirstOrDefaultAsync(u => u.NormalizedEmail == normalizedEmail);

        if (user == null)
            return NotFound("Admin não encontrado.");

        // remove lockout se existir (só pra garantir)
        await _userManager.SetLockoutEndDateAsync(user, null);
        await _userManager.ResetAccessFailedCountAsync(user);

        // reseta senha corretamente (via Identity)
        var token = await _userManager.GeneratePasswordResetTokenAsync(user);
        var reset = await _userManager.ResetPasswordAsync(user, token, newPassword);

        if (!reset.Succeeded)
            return BadRequest(reset.Errors.Select(e => e.Description));

        return Ok($"Senha do admin resetada com sucesso para: {newPassword}");
    }
}