import { Injectable, UnauthorizedException } from '@nestjs/common';
import { JwtService } from '@nestjs/jwt';
import { ConfigService } from '@nestjs/config';
import * as bcrypt from 'bcryptjs';
import { PrismaService } from '../../prisma/prisma.service';

@Injectable()
export class SuperAdminService {
  constructor(
    private readonly prisma: PrismaService,
    private readonly jwtService: JwtService,
    private readonly config: ConfigService,
  ) {}

  async login(email: string, password: string): Promise<{ token: string; superAdmin: { id: string; email: string; name: string | null } }> {
    const admin = await this.prisma.superAdmin.findUnique({ where: { email } });
    if (!admin) throw new UnauthorizedException('Invalid credentials');

    const valid = await bcrypt.compare(password, admin.passwordHash);
    if (!valid) throw new UnauthorizedException('Invalid credentials');

    const token = this.jwtService.sign(
      { kind: 'superadmin', sub: admin.id, email: admin.email },
      { secret: this.config.get<string>('JWT_SECRET'), expiresIn: '7d' },
    );

    return { token, superAdmin: { id: admin.id, email: admin.email, name: admin.name } };
  }

  async me(adminId: string): Promise<{ id: string; email: string; name: string | null }> {
    const admin = await this.prisma.superAdmin.findUnique({ where: { id: adminId } });
    if (!admin) throw new UnauthorizedException('Super admin not found');
    return { id: admin.id, email: admin.email, name: admin.name };
  }
}