import { NextRequest, NextResponse } from 'next/server'
import pool from '@/lib/db'
import { getSessionFromRequest } from '@/lib/session'

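/**
 * Builds the tenant-scoping SQL fragment for a query made on behalf of `user`.
 *
 * `admin_global` gets an empty clause (no tenant restriction). Every other role gets
 * `WHERE tenant_id = ?` bound to the tenant id carried by the session.
 *
 * @param user - Session object; `role` and `tenant_id` / `tenantId` are read.
 * @returns The SQL fragment and the bind parameters that go with it.
 */
function getTenantFilter(user: any) {
  if (user.role === 'admin_global') return { clause: '', params: [] }
  // The route handlers in this file accept either spelling of the tenant id on the
  // session object, so read both here too; otherwise a session that only carries
  // `tenantId` would produce an undefined bind parameter.
  // NOTE(review): if neither field is set the parameter is still undefined; callers
  // should treat that as "no access" rather than pass it to the driver.
  const sessionTenant = user.tenant_id ?? user.tenantId
  return { clause: 'WHERE tenant_id = ?', params: [sessionTenant] }
}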

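/**
 * Lists rows from `ad_users` visible to the caller, ordered by `display_name`.
 *
 * Tenant scoping: any role other than `admin_global` is pinned to the tenant id on the
 * session and the `tenant_id` query parameter is ignored for it; `admin_global` sees
 * every tenant unless it passes `tenant_id`.
 *
 * Optional query parameters: `search` (substring match on display name, account name
 * and e-mail), `ou` (exact match on the DN with its first component removed).
 *
 * @returns 401 when there is no session, otherwise a JSON array of rows.
 */
export async function GET(req: NextRequest) {
  const user = await getSessionFromRequest(req)
  if (!user) return NextResponse.json({ error: 'Não autorizado' }, { status: 401 })

  const search = req.nextUrl.searchParams.get('search') ?? ''
  const tenantId = req.nextUrl.searchParams.get('tenant_id')
  const ouFilter = req.nextUrl.searchParams.get('ou') ?? ''

  let where = 'WHERE 1=1'
  const queryParams: any[] = []

  if (user.role !== 'admin_global') {
    const sessionTenant = (user as any).tenant_id ?? (user as any).tenantId
    // Fail closed: a non-admin session without a tenant id must never reach the query.
    // Returning an empty list makes that explicit instead of depending on how the
    // driver treats a null/undefined bind parameter.
    if (sessionTenant == null) return NextResponse.json([])
    where += ' AND tenant_id = ?'
    queryParams.push(sessionTenant)
  } else if (tenantId) {
    where += ' AND tenant_id = ?'
    queryParams.push(tenantId)
  }

  if (ouFilter) {
    // Filter by the OU taken from distinguished_name (everything after the first CN=... component).
    // NOTE(review): LOCATE finds the first comma of any kind, so a CN that contains an
    // escaped comma ("CN=Doe\, John,OU=...") would be split in the wrong place.
    where += ' AND SUBSTRING(distinguished_name, LOCATE(\',\', distinguished_name) + 1) = ?'
    queryParams.push(ouFilter)
  }

  if (search) {
    // The term is user input: escape LIKE metacharacters so '%' and '_' match literally.
    // An explicit ESCAPE character is used so this does not depend on the server's
    // backslash-escape SQL mode.
    const literal = search.replace(/[!%_]/g, '!$&')
    where += " AND (display_name LIKE ? ESCAPE '!' OR sam_account_name LIKE ? ESCAPE '!' OR email LIKE ? ESCAPE '!')"
    queryParams.push(`%${literal}%`, `%${literal}%`, `%${literal}%`)
  }

  // `where` is assembled only from fixed fragments; every request-derived value is bound.
  // NOTE(review): SELECT * returns every column of ad_users to the client. Confirm the
  // table holds nothing that should stay server-side, or list the columns explicitly.
  const [rows] = await pool.execute<any[]>(
    `SELECT * FROM ad_users ${where} ORDER BY display_name ASC`,
    queryParams
  )
  return NextResponse.json(rows)
}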

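/**
 * Creates a row in `ad_users` and queues a `create_user` entry in `agent_tasks`.
 *
 * Tenant scoping: `admin_global` chooses the tenant through `tenant_id` in the body;
 * every other role is pinned to the tenant id on its session, whatever the body says.
 *
 * NOTE(review): the only gate visible here is "has a session". Confirm that every
 * authenticated role is meant to be able to create directory users for its tenant.
 *
 * @returns 401 without a session, 400 for an unusable body or missing tenant,
 *          201 with the inserted row on success.
 */
export async function POST(req: NextRequest) {
  const user = await getSessionFromRequest(req)
  if (!user) return NextResponse.json({ error: 'Não autorizado' }, { status: 401 })

  // Malformed JSON, or JSON that is not an object, is a client error rather than an
  // unhandled exception.
  let body: any
  try {
    body = await req.json()
  } catch {
    return NextResponse.json({ error: 'Corpo da requisição inválido' }, { status: 400 })
  }
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return NextResponse.json({ error: 'Corpo da requisição inválido' }, { status: 400 })
  }

  const {
    tenant_id, sam_account_name, display_name, email, department,
    job_title, phone, distinguished_name, enabled, password_never_expires
  } = body

  const targetTenant = user.role === 'admin_global' ? tenant_id : ((user as any).tenantId ?? (user as any).tenant_id)
  if (!targetTenant) return NextResponse.json({ error: 'Tenant obrigatório' }, { status: 400 })

  // These two columns are bound without a null fallback, so an absent field would reach
  // the driver as undefined. Reject it here with a 400 instead.
  // NOTE(review): format rules for these values are not visible in this file; validate
  // them against whatever the agent expects before they reach the directory.
  if (sam_account_name === undefined || display_name === undefined) {
    return NextResponse.json({ error: 'sam_account_name e display_name são obrigatórios' }, { status: 400 })
  }

  const [result] = await pool.execute<any>(
    `INSERT INTO ad_users
      (tenant_id, sam_account_name, display_name, email, department, job_title, phone, distinguished_name, enabled, password_never_expires)
     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
    [targetTenant, sam_account_name, display_name, email ?? null, department ?? null,
     job_title ?? null, phone ?? null, distinguished_name ?? null,
     enabled !== false ? 1 : 0, password_never_expires ? 1 : 0]
  )

  // Queue the task for the agent. Server-derived fields are spread last so the request
  // body cannot override them: otherwise a client-supplied `ad_user_id` would replace the
  // real insert id, and a non-admin's `tenant_id` would sit in the payload next to a
  // different tenant on the task row.
  // NOTE(review): the rest of the body is still passed through as received. Replace the
  // spread with an explicit allow-list once the agent's payload contract is known.
  // NOTE(review): the two inserts do not share a transaction; if this one fails, the
  // ad_users row above remains without a task.
  await pool.execute(
    `INSERT INTO agent_tasks (tenant_id, type, payload, status)
     VALUES (?, 'create_user', ?, 'pending')`,
    [targetTenant, JSON.stringify({ ...body, tenant_id: targetTenant, ad_user_id: result.insertId })]
  )

  const [rows] = await pool.execute<any[]>('SELECT * FROM ad_users WHERE id = ?', [result.insertId])
  return NextResponse.json(rows[0], { status: 201 })
}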
