'use strict'
const bcrypt = require( 'bcrypt' )
const crs = require( 'crypto-random-string' )
const appRoot = require( 'app-root-path' )
const knex = require( `${appRoot}/db/knex` )
const { saveActivity } = require( `${appRoot}/modules/activitystream/services` )

const Users = ( ) => knex( 'users' )
const Acl = ( ) => knex( 'server_acl' )

const debug = require( 'debug' )
const { deleteStream } = require( './streams' )


const changeUserRole = async ( { userId, role } ) => await Acl().where( { userId: userId } ).update( { role:role } )

const countAdminUsers = async ( ) => {
  let [ { count } ] = await Acl( ).where( { role: 'server:admin' } ).count( )
  return parseInt ( count )
} 
const _ensureAtleastOneAdminRemains = async ( userId ) => {
  if ( await countAdminUsers() === 1 ){
    let currentAdmin = await Acl( ).where( { role: 'server:admin' } ).first()
    if ( currentAdmin.userId == userId ) {
      throw new Error( 'Cannot remove the last admin role from the server' )
    }
  }
}

const userByEmailQuery = email => Users( ).whereRaw( 'lower(email) = lower(?)',[ email ] )


module.exports = {

  /*

        Users

  */

  async createUser( user ) {
    user.id = crs( { length: 10 } )
    user.email = user.email.toLowerCase()

    if ( user.password ) {
      if ( user.password.length < 8 ) throw new Error( 'Password to short; needs to be 8 characters or longer.' )
      user.passwordDigest = await bcrypt.hash( user.password, 10 )
    }
    delete user.password

    let usr = await userByEmailQuery( user.email ).select( 'id' ).first( )
    if ( usr ) throw new Error( 'Email taken. Try logging in?' )

    let res = await Users( ).returning( 'id' ).insert( user )
    
    let userRole = await countAdminUsers () === 0 ? 'server:admin' : 'server:user' 

    await Acl( ).insert( { userId: res[ 0 ].id, role: userRole } )

    let loggedUser = { ...user }
    delete loggedUser.passwordDigest
    await saveActivity( {
      streamId: null,
      resourceType: 'user',
      resourceId: user.id,
      actionType: 'user_create',
      userId: user.id,
      info: { user: loggedUser },
      message: 'User created'
    } )

    return res[ 0 ].id
  },

  async findOrCreateUser( { user, rawProfile } ) {
    let existingUser = await userByEmailQuery( user.email ).select( 'id' ).first( )

    if ( existingUser ) {
      if ( user.suuid ) {
        await module.exports.updateUser( existingUser.id, { suuid: user.suuid } )
      }

      existingUser.suuid = user.suuid
      return existingUser
    }

    user.password = crs( { length: 20 } )
    user.verified = true // because we trust the external identity provider, no?
    return { id: await module.exports.createUser( user ), email: user.email }
  },

  async getUserById( { userId } ) {
    let user = await Users( ).where( { id: userId } ).select( '*' ).first( )
    if ( user ) 
      delete user.passwordDigest
    return user
  },

  // TODO: deprecate
  async getUser( id ) {
    let user = await Users( ).where( { id: id } ).select( '*' ).first( )
    if ( user ) 
      delete user.passwordDigest
    return user
  },

  async getUserByEmail( { email } ) {
    let user = await userByEmailQuery( email ).select( '*' ).first( )
    if ( !user ) return null
    delete user.passwordDigest
    return user
  },

  async getUserRole( id ) {
    let { role } = await Acl( ).where( { userId: id } ).select( 'role' ).first( )
    return role
  },

  async updateUser( id, user ) {
    delete user.id
    delete user.passwordDigest
    delete user.password
    delete user.email
    await Users( ).where( { id: id } ).update( user )
  },

  async updateUserPassword( { id, newPassword } ) {
    if ( newPassword.length < 8 ) throw new Error( 'Password to short; needs to be 8 characters or longer.' )
    let passwordDigest = await bcrypt.hash( newPassword, 10 )
    await Users().where( { id:id } ).update( { passwordDigest } )
  },

  async searchUsers( searchQuery, limit, cursor ) {
    limit = limit || 25

    let query = Users( )
      .select( 'id', 'name', 'bio', 'company', 'verified', 'avatar', 'createdAt' )
      .where( queryBuilder => {
        queryBuilder.where( { email: searchQuery } ) //match full email or partial name
        queryBuilder.orWhere( 'name', 'ILIKE', `%${searchQuery}%` )
      } )

    if ( cursor )
      query.andWhere( 'users.createdAt', '<', cursor )

    query.orderBy( 'users.createdAt', 'desc' ).limit( limit )

    let rows = await query
    return { users: rows, cursor: rows.length > 0 ? rows[ rows.length - 1 ].createdAt.toISOString( ) : null }
  },

  async validatePasssword( { email, password } ) {
    let { passwordDigest } = await userByEmailQuery( email ).select( 'passwordDigest' ).first( )
    return bcrypt.compare( password, passwordDigest )
  },

  async deleteUser( id ) {
    //TODO: check for the last admin user to survive
    debug( 'speckle:db' )( 'Deleting user ' + id )
    await _ensureAtleastOneAdminRemains( id )
    let streams = await knex.raw(
      `
      -- Get the stream ids with only this user as owner
      SELECT "resourceId" as id
      FROM (
        -- Compute (streamId, ownerCount) table for streams on which the user is owner
        SELECT acl."resourceId", count(*) as cnt
        FROM stream_acl acl
        INNER JOIN 
          (
          -- Get streams ids on which the user is owner
          SELECT "resourceId" FROM stream_acl
          WHERE role = 'stream:owner' AND "userId" = ?
          ) AS us ON acl."resourceId" = us."resourceId"
        WHERE acl.role = 'stream:owner'
        GROUP BY (acl."resourceId")
      ) AS soc
      WHERE cnt = 1
      `,
      [ id ]
    )
    for ( let i in streams.rows ) {
      await deleteStream( { streamId: streams.rows[i].id } )
    }
    
    return await Users( ).where( { id: id } ).del( )
  },

  async getUsers ( limit = 10, offset = 0, searchQuery = null ) {
    // sanitize limit
    const maxLimit = 200
    if ( limit > maxLimit ) limit = maxLimit
  
    let query = Users ( )

    if ( searchQuery ) {
      query.where( queryBuilder => {
        queryBuilder
          .where( 'email', 'ILIKE', `%${searchQuery}%` )
          .orWhere( 'name', 'ILIKE', `%${searchQuery}%` )
          .orWhere( 'company', 'ILIKE', `%${searchQuery}%` )
      } )
    }
    let users = await query.limit( limit ).offset( offset ) 
    users.map( user => delete user.passwordDigest )
    return users
  },

  async makeUserAdmin( { userId } ){
    await changeUserRole( { userId, role:'server:admin' } )
  },

  async unmakeUserAdmin( { userId } ){
    // dont delete last admin role
    await _ensureAtleastOneAdminRemains( userId )
    await changeUserRole( { userId, role:'server:user' } )
  },

  async archiveUser( { userId } ){
    // dont change last admin to archived
    await _ensureAtleastOneAdminRemains( userId )
    await changeUserRole( { userId, role:'server:archived-user' } )
  },

  async countUsers ( searchQuery=null ){
    let query = Users()
    if ( searchQuery ) {
      query.where( queryBuilder => {
        queryBuilder
          .where( 'email', 'ILIKE', `%${searchQuery}%` )
          .orWhere( 'name', 'ILIKE', `%${searchQuery}%` )
          .orWhere( 'company', 'ILIKE', `%${searchQuery}%` )
      } )
    }
    
    let [ userCount ] = await query.count() 
    return parseInt( userCount.count )
  }
}