<?php

namespace Models;

class UserModel
{
    private \PDO $pdo;

    public function __construct()
    {
        // Conecta ao DB usando variável do .env
        $dbFile = $_ENV['DB_FILE'];
        $dbPath = __DIR__ . '/../' . $dbFile;
        $this->pdo = new \PDO("sqlite:" . $dbPath);
        $this->pdo->setAttribute(\PDO::ATTR_ERRMODE, \PDO::ERRMODE_EXCEPTION);
    }

    /**
     * Valida credenciais de login e retorna dados do usuário se válido.
     *
     * @param string $username
     * @param string $password Plain-text password para verificar
     * @return array|null Dados do usuário (user_id, user_name, etc.) ou null se inválido
     */
    public function validateLogin(string $username, string $password): ?array
    {
        $stmt = $this->pdo->prepare("SELECT user_id, user_name, user_password, role_id, company_id FROM user WHERE user_name = :username AND user_flag = 'a'");
        $stmt->execute(['username' => $username]);
        $user = $stmt->fetch(\PDO::FETCH_ASSOC);

        if ($user && password_verify($password, $user['user_password'])) {
            unset($user['password']);  // Remove hash por segurança
            return $user;
        }

        return null;
    }

    /**
     * Cria um novo usuário com senha hasheada e gera chaves API.
     *
     * @param string $username
     * @param string $password Plain-text password
     * @param string $flag Default 'a' para ativo
     * @return array|bool Dados do usuário criado (incluindo api_key) ou false em erro
     */
    public function createUser(string $username, string $email, string $password, int $company_id, int $role_id, string $flag = 'a')
    {
        // Verifica se username já existe
        $stmt = $this->pdo->prepare("SELECT user_id FROM user WHERE user_name = :username");
        $stmt->execute(['username' => $username]);
        if ($stmt->fetch()) {
            return false;  // Já existe
        }

        $hash = password_hash($password, PASSWORD_DEFAULT);

        // Insere usuário
        $stmt = $this->pdo->prepare("INSERT INTO user (user_name, user_email, user_flag, user_password, company_id, role_id) VALUES (:username, :email, :flag, :hash, :company_id, :role_id)");
        if (!$stmt->execute(['username' => $username, 'email' => $email, 'flag' => $flag, 'hash' => $hash, 'company_id' => $company_id, 'role_id' => $role_id])) {
            return false;
        }

        $userId = $this->pdo->lastInsertId();

        // Gera e insere chaves API (random para HMAC)
        $apiKey = bin2hex(random_bytes(16));  // Ex: 32 chars hex
        $apiSecret = bin2hex(random_bytes(32));  // Mais longo para secret
        $stmt = $this->pdo->prepare("INSERT INTO api_key (user_id, api_key_user, api_key_secret) VALUES (:user_id, :api_key, :api_secret)");
        if (!$stmt->execute(['user_id' => $userId, 'api_key' => $apiKey, 'api_secret' => $apiSecret])) {
            return false;
        }

        return [
            'user_id' => $userId,
            'user_name' => $username,
            'api_key_user' => $apiKey,
            'api_key_secret' => $apiSecret  // Retorne para o usuário (apenas uma vez!)
        ];
    }

    public function getUsersByCompany(int $companyId): array
    {
        $stmt = $this->pdo->prepare("SELECT user_id, user_name, user_email, role_id FROM user WHERE company_id = :company_id AND user_flag = 'a'");
        $stmt->execute(['company_id' => $companyId]);
        return $stmt->fetchAll(\PDO::FETCH_ASSOC);
    }

    public function deleteUserByName(string $username, int $companyId): bool
    {
        $stmt = $this->pdo->prepare("DELETE FROM user WHERE user_name = :username AND company_id = :company_id");
        $stmt->execute([
            'username' => $username,
            'company_id' => $companyId
        ]);

        return $stmt->rowCount() > 0;
    }

}