import 'dotenv/config';
import { argon2id, hash } from 'argon2';
import { eq } from 'drizzle-orm';
import { drizzle } from 'drizzle-orm/node-postgres';
import { Pool } from 'pg';
import { users } from '../src/database/schema';

function requiredEnvironmentValue(name: string): string {
  const value = process.env[name]?.trim();
  if (!value) throw new Error(`${name} is required.`);
  return value;
}

const databaseUrl = requiredEnvironmentValue('DATABASE_URL');
const email = requiredEnvironmentValue('ADMIN_EMAIL').toLowerCase();
const password = requiredEnvironmentValue('ADMIN_PASSWORD');

if (password.length < 12) {
  throw new Error('ADMIN_PASSWORD must contain at least 12 characters.');
}

async function main(): Promise<void> {
  const pool = new Pool({
    connectionString: databaseUrl,
    ssl:
      process.env.DATABASE_SSL === 'true'
        ? {
            rejectUnauthorized: process.env.DATABASE_SSL_REJECT_UNAUTHORIZED !== 'false',
          }
        : false,
    application_name: 'ck-terminal-seed-admin',
  });

  try {
    const db = drizzle(pool);
    const passwordHash = await hash(password, {
      type: argon2id,
      memoryCost: 19_456,
      timeCost: 3,
      parallelism: 1,
    });
    const [existing] = await db
      .select({ id: users.id })
      .from(users)
      .where(eq(users.email, email))
      .limit(1);

    if (existing) {
      await db
        .update(users)
        .set({
          passwordHash,
          role: 'ADMIN',
          isActive: true,
          updatedAt: new Date(),
        })
        .where(eq(users.id, existing.id));
      console.log(`Updated administrator ${email}.`);
    } else {
      await db.insert(users).values({
        email,
        passwordHash,
        role: 'ADMIN',
      });
      console.log(`Created administrator ${email}.`);
    }
  } finally {
    await pool.end();
  }
}

void main();