import { eq } from 'drizzle-orm';
import { db } from '../src/db';
import { groups, roles, userGroups, userRoles, users } from '../src/db/schema/auth';
import { hashPassword, verifyPassword } from '../src/lib/auth/password';

async function runTest() {
  console.log('👤 Testing user administration data flow...');

  const email = `admin-flow-${Date.now()}@ekb.com`;
  const [createdUser] = await db.insert(users).values({
    email,
    name: 'Admin Flow User',
    passwordHash: await hashPassword('initial-password'),
  }).returning();

  try {
    const [viewerRole] = await db.select().from(roles).where(eq(roles.name, 'viewer')).limit(1);
    const [engGroup] = await db.select().from(groups).where(eq(groups.name, 'Engineering Department')).limit(1);

    if (!viewerRole || !engGroup) {
      throw new Error('Required seed role/group missing. Run npx tsx src/db/seed.ts first.');
    }

    await db.insert(userRoles).values({
      userId: createdUser.id,
      roleId: viewerRole.id,
    }).onConflictDoNothing();

    await db.insert(userGroups).values({
      userId: createdUser.id,
      groupId: engGroup.id,
    }).onConflictDoNothing();

    const newPasswordHash = await hashPassword('reset-password');
    await db.update(users)
      .set({ passwordHash: newPasswordHash, updatedAt: new Date() })
      .where(eq(users.id, createdUser.id));

    const [updatedUser] = await db.select().from(users).where(eq(users.id, createdUser.id)).limit(1);
    const [assignedRole] = await db.select().from(userRoles).where(eq(userRoles.userId, createdUser.id)).limit(1);
    const [assignedGroup] = await db.select().from(userGroups).where(eq(userGroups.userId, createdUser.id)).limit(1);

    if (!updatedUser || !assignedRole || !assignedGroup) {
      throw new Error('User admin write flow did not persist expected rows.');
    }

    const resetPasswordWorks = await verifyPassword('reset-password', updatedUser.passwordHash);
    const oldPasswordWorks = await verifyPassword('initial-password', updatedUser.passwordHash);

    if (!resetPasswordWorks || oldPasswordWorks) {
      throw new Error('Password reset verification failed.');
    }
  } finally {
    await db.delete(users).where(eq(users.id, createdUser.id));
  }

  console.log('✅ User administration data flow passed.');
  process.exit(0);
}

runTest().catch((error) => {
  console.error('❌ Test failed with error:', error);
  process.exit(1);
});