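import mongoose from 'mongoose';
import bcrypt from 'bcryptjs';
import { config } from '../src/config/index.js';
import { User } from '../src/models/User.js';
import { Role } from '../src/models/Role.js';
import { logger } from '../src/utils/logger.js';

// NOTE(review): bcrypt is imported but never used in this script. Passwords are
// handed to the User model as plain text, so this presumably relies on the model
// hashing `password` before it is stored — confirm in ../src/models/User.js.

// Fallback admin credential. It is committed to the repository and therefore
// publicly known, so it is only acceptable for local development.
const DEFAULT_ADMIN_PASSWORD = 'Admin@123456';

// Fixture accounts for testing. Their passwords are hard-coded and publicly
// known, so they must never exist in a production database.
const SAMPLE_USERS = [
  {
    username: 'manager',
    email: 'manager@marketing-agent.com',
    password: 'Manager@123',
    role: 'manager',
  },
  {
    username: 'operator',
    email: 'operator@marketing-agent.com',
    password: 'Operator@123',
    role: 'operator',
  },
  {
    username: 'viewer',
    email: 'viewer@marketing-agent.com',
    password: 'Viewer@123',
    role: 'viewer',
  },
];

/**
 * One-off bootstrap of the authentication data: creates the default roles, the
 * `admin` account (if missing), the sample accounts (outside production only)
 * and the indexes used for API-key lookups and login rate limiting.
 *
 * Environment:
 *   ADMIN_PASSWORD - password for the new admin account. Required when
 *                    NODE_ENV is "production"; otherwise the built-in
 *                    development default is used when it is unset or empty.
 *   NODE_ENV       - "production" disables every hard-coded credential.
 *                    If it is unset the development defaults still apply,
 *                    so deployments must set it explicitly.
 *
 * Never rejects on setup errors: failures are logged and reported through a
 * non-zero process exit code.
 *
 * @returns {Promise<void>}
 */
async function setupSecurity() {
  const isProduction = process.env.NODE_ENV === 'production';

  try {
    await mongoose.connect(config.mongodb.uri);
    logger.info('Connected to MongoDB');

    logger.info('Creating default roles...');
    await Role.createDefaultRoles();
    logger.info('Default roles created');

    const adminExists = await User.findOne({ username: 'admin' });
    if (!adminExists) {
      // `||` semantics kept from the original: an empty ADMIN_PASSWORD counts as unset.
      const suppliedPassword = process.env.ADMIN_PASSWORD;
      if (!suppliedPassword && isProduction) {
        // Fail closed: a wildcard-permission account must not be created
        // with a password that anyone can read in the source tree.
        throw new Error(
          'ADMIN_PASSWORD must be set when NODE_ENV=production; ' +
            'refusing to create the admin account with the built-in default password',
        );
      }
      const adminPassword = suppliedPassword || DEFAULT_ADMIN_PASSWORD;

      const adminUser = new User({
        username: 'admin',
        email: 'admin@marketing-agent.com',
        password: adminPassword,
        role: 'admin',
        isActive: true,
        permissions: [
          {
            resource: '*',
            actions: ['create', 'read', 'update', 'delete', 'execute'],
          },
        ],
      });
      await adminUser.save();

      logger.info('Admin user created');
      logger.info('Username: admin');
      // The password value is deliberately not logged: log output may be
      // persisted or forwarded, which would leak the credential to anyone
      // who can read the logs.
      if (suppliedPassword) {
        logger.info('Password: taken from ADMIN_PASSWORD (value not logged)');
      } else {
        logger.info(
          'Password: built-in development default (ADMIN_PASSWORD was not set); do not use this account outside local development',
        );
      }
      logger.info('Please change the password after first login');
    } else {
      logger.info('Admin user already exists');
    }

    if (isProduction) {
      logger.info('Skipping sample users: NODE_ENV is production');
    } else {
      for (const userData of SAMPLE_USERS) {
        const exists = await User.findOne({ username: userData.username });
        if (!exists) {
          const user = new User(userData);
          await user.save();
          logger.info(`${userData.username} user created`);
        }
      }
    }

    logger.info('Creating security indices...');
    const users = mongoose.connection.collection('users');

    // Index for API key lookups
    await users.createIndex({ 'apiKeys.key': 1 });

    // Index for login rate limiting
    await users.createIndex({ username: 1, 'metadata.lastLoginAttempt': -1 });

    logger.info('Security setup completed successfully');
  } catch (error) {
    logger.error('Security setup failed:', error);
    // Set the exit code instead of calling process.exit(1): exiting here
    // would terminate the process before the `finally` block could close
    // the MongoDB connection.
    process.exitCode = 1;
  } finally {
    try {
      await mongoose.disconnect();
    } catch (disconnectError) {
      logger.error('Failed to disconnect from MongoDB:', disconnectError);
      process.exitCode = 1;
    }
  }
}

// Run the setup. All failures are handled inside setupSecurity(), which
// reports them through process.exitCode.
setupSecurity();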