package command

import (
	"context"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/command/preparation"
	"github.com/zitadel/zitadel/internal/crypto"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/instance"
	"github.com/zitadel/zitadel/internal/zerrors"
)

func (c *Commands) AddSecretGeneratorConfig(ctx context.Context, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) {
	agg := instance.NewAggregate(authz.GetInstance(ctx).InstanceID())
	cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, prepareAddSecretGeneratorConfig(agg, typ, config))
	if err != nil {
		return nil, err
	}

	events, err := c.eventstore.Push(ctx, cmds...)
	if err != nil {
		return nil, err
	}
	return &domain.ObjectDetails{
		Sequence:      events[len(events)-1].Sequence(),
		EventDate:     events[len(events)-1].CreatedAt(),
		ResourceOwner: agg.ResourceOwner,
	}, nil
}

func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGeneratorType, config *crypto.GeneratorConfig) preparation.Validation {
	return func() (preparation.CreateCommands, error) {
		if !typ.Valid() {
			return nil, zerrors.ThrowInvalidArgument(nil, "V2-FGqVj", "Errors.InvalidArgument")
		}
		if config.Length < 1 {
			return nil, zerrors.ThrowInvalidArgument(nil, "V2-jEqCt", "Errors.InvalidArgument")
		}
		return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
			writeModel := NewInstanceSecretGeneratorConfigWriteModel(ctx, typ)
			events, err := filter(ctx, writeModel.Query())
			if err != nil {
				return nil, err
			}
			writeModel.AppendEvents(events...)
			if err = writeModel.Reduce(); err != nil {
				return nil, err
			}

			if writeModel.State == domain.SecretGeneratorStateActive {
				return nil, zerrors.ThrowAlreadyExists(nil, "V2-6CqKo", "Errors.SecretGenerator.AlreadyExists")
			}

			return []eventstore.Command{
				instance.NewSecretGeneratorAddedEvent(
					ctx,
					&a.Aggregate,
					typ,
					config.Length,
					config.Expiry,
					config.IncludeLowerLetters,
					config.IncludeUpperLetters,
					config.IncludeDigits,
					config.IncludeSymbols,
				),
			}, nil
		}, nil
	}
}

func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) {
	if generatorType == domain.SecretGeneratorTypeUnspecified {
		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing")
	}

	generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
	if err != nil {
		return nil, err
	}
	instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
	if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
		err = c.pushAppendAndReduce(ctx, generatorWriteModel,
			instance.NewSecretGeneratorAddedEvent(
				ctx,
				instanceAgg,
				generatorType,
				config.Length,
				config.Expiry,
				config.IncludeLowerLetters,
				config.IncludeUpperLetters,
				config.IncludeDigits,
				config.IncludeSymbols,
			),
		)
		if err != nil {
			return nil, err
		}
		return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
	}

	changedEvent, hasChanged, err := generatorWriteModel.NewChangedEvent(
		ctx,
		instanceAgg,
		generatorType,
		config.Length,
		config.Expiry,
		config.IncludeLowerLetters,
		config.IncludeUpperLetters,
		config.IncludeDigits,
		config.IncludeSymbols)
	if err != nil {
		return nil, err
	}
	if !hasChanged {
		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound")
	}
	if err = c.pushAppendAndReduce(ctx, generatorWriteModel, changedEvent); err != nil {
		return nil, err
	}
	return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
}

func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (*domain.ObjectDetails, error) {
	if generatorType == domain.SecretGeneratorTypeUnspecified {
		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing")
	}

	generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
	if err != nil {
		return nil, err
	}
	if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
		return nil, zerrors.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound")
	}
	instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
	pushedEvents, err := c.eventstore.Push(ctx, instance.NewSecretGeneratorRemovedEvent(ctx, instanceAgg, generatorType))
	if err != nil {
		return nil, err
	}
	err = AppendAndReduce(generatorWriteModel, pushedEvents...)
	if err != nil {
		return nil, err
	}
	return writeModelToObjectDetails(&generatorWriteModel.WriteModel), nil
}

func (c *Commands) getSecretConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (_ *InstanceSecretGeneratorConfigWriteModel, err error) {
	writeModel := NewInstanceSecretGeneratorConfigWriteModel(ctx, generatorType)
	err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
	if err != nil {
		return nil, err
	}

	return writeModel, nil
}