package com.dacrt.SBIABackend.controler;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.client.RestTemplate;

import java.util.*;

import javax.servlet.http.HttpServletRequest;

@RestController
@RequestMapping("/Groups") // Todas las rutas empiezan con /Groups
public class GroupScimController {
	@Autowired
    private JdbcTemplate jdbcTemplate;
	
	@Autowired
    private RestTemplate restTemplate;
	
	// @Value("$(var.ambiente)")
	@Value("${var.ambiente}")
	private String urlAmbiente;
	
	@Value("${spring.security.oauth2.client.registration.okta.client-id}")
	private String clientId;
	
	@Value("${spring.security.oauth2.client.registration.okta.redirect-uri}")
	private String redirect_uri;
	
	@Value("${app.oauth.scopes}")
	private String scope;
	
	@Value("${spring.security.oauth2.client.provider.okta.issuer-uri}")
	private String issuerUri;
	
	@Value("${app.oauth.v1.token}")
	private String vtoken;
	
	@Value("${spring.security.oauth2.client.registration.okta.client-secret}")
	private String clienteSec;
	
	@Value("${spring.security.oauth2.client.registration.okta.authorization-endpoint}")
	private String vauth;
	
	@Value("${app.oauth2.v1.userinfo}")
	private String vuserinfo;
	
	@Value("${direccionlocal}")
	private String dirlocal;
	
	@Value("${isOkta}")
	private int isOkta;
	
	@Value("${app.user.exist.url}")
	private String urlOktaExist;
	
	@Value("${cors.allowed.origin}")
	private String urlSystemLogout;
	
	@Value("${app.api.token}")
	private String varTokenprovissioning; 
	
	@Value("${app.email.helpdesk.active}")
	private String vemailhelpdesk; 
	
	@Value("${app.scim.base.url}")
	private String scimurl;
	
	@Value("${app.scim.role.default}")
	private String scimroledefault;

    // --- EQUIVALENTE A: case 'GET' (Listar todos) ---
    @GetMapping
    public ResponseEntity<Map<String, Object>> listGroups(HttpServletRequest request) {
    	String idtokenrequest = request.getHeader("Authorization");
		 /// comente esto que es la validacion del bearer Token 
	/*	 if (idtokenrequest.contains("Bearer")) {
			  idtokenrequest = idtokenrequest.substring(7);
		  } else {
			  idtokenrequest = idtokenrequest;
		  }*/
		 String SentenciaBase = "SELECT cast(u.id as text) as id, u.name FROM main.roles u WHERE u.id <> 0";
		    List<Map<String, Object>> listaDeDB = jdbcTemplate.queryForList(SentenciaBase);
		    
    	// 2. Preparar la lista de Recursos (Resources) en formato SCIM
    	    List<Map<String, Object>> resources = new ArrayList<>();
    	    
    	    for (Map<String, Object> fila : listaDeDB) {
    	        Map<String, Object> groupScim = new HashMap<>();
    	        
    	        // Okta necesita estos campos específicos
    	        groupScim.put("schemas", Collections.singletonList("urn:ietf:params:scim:schemas:core:2.0:Group"));
    	        groupScim.put("id", fila.get("id")); 
    	        groupScim.put("displayName", fila.get("name"));
    	        
    	        String SentenciaBaseUsers = "SELECT u.usr FROM main.users u WHERE ref is not null and u.rolid = " + fila.get("id");
			    List<Map<String, Object>> listaUserDB = jdbcTemplate.queryForList(SentenciaBaseUsers);
    	        // Opcional: Si no envías miembros ahora, puedes enviar una lista vacía
    	        groupScim.put("members", listaUserDB);

    	        resources.add(groupScim);
    	    }
    	    
    	 // 3. Armar la respuesta final (ListResponse)
    	    Map<String, Object> response = new HashMap<>();
    	    response.put("schemas", Collections.singletonList("urn:ietf:params:scim:api:messages:2.0:ListResponse"));
    	    response.put("totalResults", resources.size()); // Cantidad real de registros
    	    response.put("startIndex", 1);
    	    response.put("itemsPerPage", resources.size());
    	    response.put("Resources", resources);
        
        return ResponseEntity.ok(response);
    }

   // obtener uno de grupo, Ander lo hizo con un Swich
    @GetMapping("/{id}")
    public ResponseEntity<Map<String, Object>> getGroup(HttpServletRequest request,@PathVariable("id") String id) {
    	String idtokenrequest = request.getHeader("Authorization");
		
		 if (idtokenrequest.contains("Bearer")) {
			  idtokenrequest = idtokenrequest.substring(7);
		  } else {
			  idtokenrequest = idtokenrequest;
		  }
		 
		 String SentenciaBase = "SELECT cast(u.id as text) as id, u.name FROM main.roles u WHERE u.id = " + id;
		    List<Map<String, Object>> listaDeDB = jdbcTemplate.queryForList(SentenciaBase);
		    
			 String SentenciaBaseUsers = "SELECT u.usr FROM main.users u WHERE ref is not null and u.rolid = " + id;
			    List<Map<String, Object>> listaUserDB = jdbcTemplate.queryForList(SentenciaBaseUsers);
			    
 	// 2. Preparar la lista de Recursos (Resources) en formato SCIM
 	    List<Map<String, Object>> resources = new ArrayList<>();
 	    
 	    for (Map<String, Object> fila : listaDeDB) {
 	        Map<String, Object> groupScim = new HashMap<>();
 	        
 	        // Okta necesita estos campos específicos
 	        groupScim.put("schemas", Collections.singletonList("urn:ietf:params:scim:schemas:core:2.0:Group"));
 	        groupScim.put("id", fila.get("id")); 
 	        groupScim.put("displayName", fila.get("name")); 
 	        
 	        // Opcional: Si no envías miembros ahora, puedes enviar una lista vacía
 	        groupScim.put("members", listaUserDB);

 	        resources.add(groupScim);
 	    }
 	    
 	 // 3. comienzo a armar la salida del dto final
 	    Map<String, Object> response = new HashMap<>();
 	    response.put("schemas", Collections.singletonList("urn:ietf:params:scim:api:messages:2.0:ListResponse"));
 	    response.put("totalResults", resources.size()); // total de registros
 	    response.put("startIndex", 1);
 	    response.put("itemsPerPage", resources.size());
 	    response.put("Resources", resources);
     
     return ResponseEntity.ok(response);
    }

    // --- EQUIVALENTE A: case 'POST' ---
    @PostMapping
    public ResponseEntity<Map<String, Object>> createGroup(HttpServletRequest request,@RequestBody Map<String, Object> input) {
    	String idtokenrequest = request.getHeader("Authorization");
		
		 if (idtokenrequest.contains("Bearer")) {
			  idtokenrequest = idtokenrequest.substring(7);
		  } else {
			  idtokenrequest = idtokenrequest;
		  }
        String displayName = (String) input.getOrDefault("displayName", "Sin Nombre");
        
        Map<String, Object> response = new HashMap<>();
        response.put("id", "nuevo_id_123");
        response.put("displayName", displayName);
        
        return ResponseEntity.status(HttpStatus.CREATED).body(response);
    }

    // --- EQUIVALENTE A: case 'PATCH' ---
    @PatchMapping("/{id}")
    public ResponseEntity<Void> patchGroup(HttpServletRequest request,@PathVariable("id") String id, @RequestBody Map<String, Object> input) {
    	String idtokenrequest = request.getHeader("Authorization");
		
		 if (idtokenrequest.contains("Bearer")) {
			  idtokenrequest = idtokenrequest.substring(7);
		  } else {
			  idtokenrequest = idtokenrequest;
		  }
        // Aquí llamarías a tu función procesarPatchGrupo(id, input)
        System.out.println("Procesando cambios para el grupo: " + id);
        return ResponseEntity.noContent().build(); // Devuelve 204
    }

    // --- EQUIVALENTE A: case 'DELETE' ---
    @DeleteMapping("/{id}")
    public ResponseEntity<Void> deleteGroup(HttpServletRequest request,@PathVariable("id") String id) {
    	String idtokenrequest = request.getHeader("Authorization");
		
		 if (idtokenrequest.contains("Bearer")) {
			  idtokenrequest = idtokenrequest.substring(7);
		  } else {
			  idtokenrequest = idtokenrequest;
		  }
        return ResponseEntity.noContent().build(); // Devuelve 204
    }
}