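// LDAP Admin Routes
const { db } = require('../database');
const LDAPService = require('../ldap-service');
const { requireAdmin } = require('../middleware/auth');

// Largest page size the sync-log endpoint serves, so one request cannot pull
// the whole log table.
const MAX_SYNC_LOG_LIMIT = 500;

/**
 * Normalise an optional text field taken from the request body.
 *
 * Anything that is not a string (missing field, number, object, array) and any
 * string that is empty after trimming yields `fallback`, so callers never
 * invoke `.trim()` on a non-string value.
 *
 * @param {*} value - Raw value from the request body.
 * @param {string|null} fallback - Value to use when no usable text was sent.
 * @returns {string|null} The trimmed text, or `fallback`.
 */
function trimmedOr(value, fallback) {
  if (typeof value !== 'string') {
    return fallback;
  }
  const trimmed = value.trim();
  return trimmed === '' ? fallback : trimmed;
}

/**
 * Register the LDAP administration routes on the given app.
 *
 * Every route is guarded by `requireAdmin`. The configuration is a singleton
 * row (`ldap_config.id = 1`).
 *
 * NOTE(review): the POST routes change security-relevant state (directory URL,
 * bind credentials, sync trigger). If `requireAdmin` relies on cookie sessions,
 * confirm that CSRF protection is applied in front of these routes.
 *
 * @param {object} app - Application object exposing `get` and `post`.
 * @returns {void}
 */
function registerAdminLDAPRoutes(app) {
  // Fetch the LDAP configuration
  app.get('/admin/ldap/config', requireAdmin, (req, res) => {
    db.get('SELECT * FROM ldap_config WHERE id = 1', (err, config) => {
      if (err) {
        return res.status(500).json({ error: 'Fehler beim Abrufen der Konfiguration' });
      }

      // Never return the bind password. This is a deny-list on top of
      // `SELECT *`: any secret column added to the table later must be
      // removed here as well.
      if (config) {
        delete config.bind_password;
      }

      res.json({ config: config || null });
    });
  });

  // Save the LDAP configuration
  app.post('/admin/ldap/config', requireAdmin, (req, res) => {
    const body = req.body || {};
    const syncInterval = Number.parseInt(body.sync_interval, 10) || 0;

    // Normalise first, validate afterwards: a missing or non-string `url` /
    // `base_dn` used to reach `.trim()` and throw inside the database callback
    // whenever LDAP was saved as disabled.
    const configData = {
      enabled: body.enabled ? 1 : 0,
      url: trimmedOr(body.url, ''),
      bind_dn: trimmedOr(body.bind_dn, null),
      // Passed to the database as provided; no encryption is applied in this
      // file. Treat the database file as a secret store.
      bind_password: trimmedOr(body.bind_password, null),
      base_dn: trimmedOr(body.base_dn, ''),
      user_search_filter: trimmedOr(body.user_search_filter, '(objectClass=person)'),
      username_attribute: trimmedOr(body.username_attribute, 'cn'),
      firstname_attribute: trimmedOr(body.firstname_attribute, 'givenName'),
      lastname_attribute: trimmedOr(body.lastname_attribute, 'sn'),
      // A negative interval has no sensible meaning; fall back to 0, the same
      // value used when the field is absent or unparsable.
      sync_interval: Math.max(syncInterval, 0),
      updated_at: new Date().toISOString(),
    };

    // Validation - only when LDAP is enabled. Whitespace-only values count as
    // missing because they were normalised to '' above.
    // NOTE(review): the URL scheme is not checked here; with a plain ldap://
    // URL the bind credentials may cross the network unencrypted unless the
    // LDAP service upgrades the connection - confirm in ldap-service.
    if (configData.enabled && (!configData.url || !configData.base_dn)) {
      return res.status(400).json({ error: 'URL und Base DN sind erforderlich wenn LDAP aktiviert ist' });
    }

    // Builds the db.run completion callback for a given failure message.
    const respond = (failureMessage) => (runErr) => {
      if (runErr) {
        return res.status(500).json({ error: failureMessage });
      }
      res.json({ success: true });
    };

    // Check whether a configuration row already exists
    db.get('SELECT id FROM ldap_config WHERE id = 1', (err, existing) => {
      if (err) {
        return res.status(500).json({ error: 'Fehler beim Prüfen der Konfiguration' });
      }

      const values = [
        configData.enabled,
        configData.url,
        configData.bind_dn,
        configData.bind_password,
        configData.base_dn,
        configData.user_search_filter,
        configData.username_attribute,
        configData.firstname_attribute,
        configData.lastname_attribute,
        configData.sync_interval,
        configData.updated_at,
      ];

      if (existing) {
        // Update - COALESCE keeps the stored password when none was submitted
        // (the parameter is NULL in that case), so one statement covers both
        // the "change password" and "keep password" paths.
        db.run(
          `UPDATE ldap_config SET
            enabled = ?, url = ?, bind_dn = ?,
            bind_password = COALESCE(?, bind_password),
            base_dn = ?, user_search_filter = ?, username_attribute = ?,
            firstname_attribute = ?, lastname_attribute = ?,
            sync_interval = ?, updated_at = ?
          WHERE id = 1`,
          values,
          respond('Fehler beim Speichern der Konfiguration')
        );
      } else {
        // Insert - pin id = 1 explicitly so the row is the one every other
        // query in this file reads, regardless of the table's id sequence.
        db.run(
          `INSERT INTO ldap_config (
            id, enabled, url, bind_dn, bind_password, base_dn,
            user_search_filter, username_attribute,
            firstname_attribute, lastname_attribute,
            sync_interval, updated_at
          ) VALUES (1, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)`,
          values,
          respond('Fehler beim Erstellen der Konfiguration')
        );
      }
    });
  });

  // Start a manual LDAP synchronisation
  app.post('/admin/ldap/sync', requireAdmin, (req, res) => {
    LDAPService.performSync('manual', (err, result) => {
      if (err) {
        // The service's own error message is passed through to the caller.
        // The route is admin-only, but the text may still name directory
        // hosts or DNs, so keep it out of non-admin views.
        return res.status(500).json({
          error: err.message || 'Fehler bei der Synchronisation',
          synced: result ? result.synced : 0,
          errors: result ? result.errors : [],
        });
      }

      res.json({
        success: true,
        synced: result.synced,
        errors: result.errors || [],
      });
    });
  });

  // Fetch the sync log
  app.get('/admin/ldap/sync/log', requireAdmin, (req, res) => {
    const requested = Number.parseInt(req.query.limit, 10) || 10;
    // Clamp to 1..MAX_SYNC_LOG_LIMIT. Some SQL engines (SQLite among them)
    // treat a negative LIMIT as "no limit", which would return the full table.
    const limit = Math.min(Math.max(requested, 1), MAX_SYNC_LOG_LIMIT);

    db.all(
      'SELECT * FROM ldap_sync_log ORDER BY sync_started_at DESC LIMIT ?',
      [limit],
      (err, logs) => {
        if (err) {
          return res.status(500).json({ error: 'Fehler beim Abrufen des Logs' });
        }
        res.json({ logs: logs || [] });
      }
    );
  });
}

module.exports = registerAdminLDAPRoutes;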