package web

import (
	"context"
	"fmt"
	v1 "github.com/go-nunu/nunu-layout-advanced/api/v1"
	"github.com/go-nunu/nunu-layout-advanced/internal/model"
)


// ProcessSSLCertificate 处理SSL证书
func (s *AidedWebService) ProcessSSLCertificate(ctx context.Context, req *v1.WebForwardingRequest, cdnUid int) error {
	if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
		return nil // 非HTTPS协议不需要处理SSL证书
	}

	// 添加SSL证书
	sslCertId, err := s.sslCert.AddSSLCert(ctx, v1.SSL{
		Name:        req.WebForwardingData.Domain,
		Domain:      req.WebForwardingData.Domain,
		CertData:    req.WebForwardingData.HttpsCert,
		KeyData:     req.WebForwardingData.HttpsKey,
		CdnUserId:   cdnUid,
		Description: req.WebForwardingData.Comment,
	})
	if err != nil {
		return fmt.Errorf("添加SSL证书失败: %w", err)
	}

	// 更新请求中的证书ID
	req.WebForwardingData.SslCertId = sslCertId

	// 编辑SSL策略
	if err := s.sslCert.EditSslPolicy(ctx, req.WebForwardingData.SslPolicyId, []int64{sslCertId}, "add"); err != nil {
		return fmt.Errorf("编辑SSL策略失败: %w", err)
	}

	return nil
}

// ProcessSSLCertificateUpdate 处理SSL证书更新
func (s *AidedWebService) ProcessSSLCertificateUpdate(ctx context.Context, req *v1.WebForwardingRequest, oldData *model.WebForwarding, cdnUid int) error {
	if !s.IsHttpsProtocol(req.WebForwardingData.IsHttps) {
		return nil // 非HTTPS协议不需要处理SSL证书
	}

	// 如果证书ID为0
	if oldData.SslCertId == 0 {
		err := s.ProcessSSLCertificate(ctx, req, cdnUid)
		if err != nil {
			return fmt.Errorf("处理SSL证书失败: %w", err)
		}
		return nil
	}

	// 如果证书内容有变化
	if oldData.HttpsCert != req.WebForwardingData.HttpsCert || oldData.HttpsKey != req.WebForwardingData.HttpsKey {
		if err := s.sslCert.EditSSLCert(ctx, v1.SSL{
			Name:        req.WebForwardingData.Domain,
			CertId:      oldData.SslCertId,
			CertData:    req.WebForwardingData.HttpsCert,
			KeyData:     req.WebForwardingData.HttpsKey,
			CdnUserId:   cdnUid,
			Domain:      req.WebForwardingData.Domain,
			Description: req.WebForwardingData.Comment,
		}); err != nil {
			return fmt.Errorf("更新SSL证书失败: %w", err)
		}
	}

	return nil
}

// CleanupSSLCertificate 清理SSL证书
func (s *AidedWebService) CleanupSSLCertificate(ctx context.Context, oldData *model.WebForwarding) error {
	if oldData.SslCertId != 0 {
		if err := s.cdn.DelSSLCert(ctx, int64(oldData.SslCertId)); err != nil {
			return fmt.Errorf("删除SSL证书失败: %w", err)
		}

		if err := s.sslCert.EditSslPolicy(ctx, int64(oldData.SslPolicyId), []int64{int64(oldData.SslCertId)}, "del"); err != nil {
			return fmt.Errorf("删除SSL策略失败: %w", err)
		}
	}

	return nil
}