/**
 * Seed un utilisateur admin pour le dev / la première install.
 * Usage : `npm run db:seed`
 *
 * Stratégie : on instancie une `betterAuth()` parallèle avec
 * `disableSignUp: false` uniquement pour le seed, puis on upgrade le
 * rôle en 'admin' en DB. La config principale (lib/auth.ts) reste
 * verrouillée à `disableSignUp: true` pour les requêtes publiques.
 */

import { config } from "dotenv";
import { eq } from "drizzle-orm";

config({ path: ".env.local" });

const ADMIN_EMAIL = process.env.SEED_ADMIN_EMAIL ?? "admin@socialex.pro";
const ADMIN_PASSWORD = process.env.SEED_ADMIN_PASSWORD ?? "ChangeMe!2025";
const ADMIN_NAME = process.env.SEED_ADMIN_NAME ?? "Admin Socialex";

async function main() {
  const { db } = await import("../lib/db");
  const { user } = await import("../lib/db/schema");
  const { betterAuth } = await import("better-auth");
  const { drizzleAdapter } = await import("better-auth/adapters/drizzle");
  const schema = await import("../lib/db/schema");

  // Instance Better Auth dédiée au seed (signUp activé).
  const seedAuth = betterAuth({
    baseURL: process.env.BETTER_AUTH_URL ?? "http://localhost:3001",
    secret: process.env.BETTER_AUTH_SECRET,
    database: drizzleAdapter(db, {
      provider: "pg",
      schema: {
        user: schema.user,
        session: schema.session,
        account: schema.account,
        verification: schema.verification,
      },
    }),
    emailAndPassword: {
      enabled: true,
      disableSignUp: false, // ← seul changement vs lib/auth.ts
      requireEmailVerification: false,
      minPasswordLength: 10,
    },
    user: {
      additionalFields: {
        role: {
          type: "string",
          defaultValue: "client",
          input: false,
        },
      },
    },
    advanced: {
      cookiePrefix: "socialex",
    },
  });

  // Existe déjà ?
  const existing = await db
    .select()
    .from(user)
    .where(eq(user.email, ADMIN_EMAIL))
    .limit(1);

  if (existing.length > 0) {
    if (existing[0].role !== "admin") {
      await db
        .update(user)
        .set({ role: "admin" })
        .where(eq(user.id, existing[0].id));
      console.log(`✅ Rôle de ${ADMIN_EMAIL} upgradé en admin.`);
    } else {
      console.log(`ℹ️  Admin ${ADMIN_EMAIL} existe déjà, rien à faire.`);
    }
    return;
  }

  const result = await seedAuth.api.signUpEmail({
    body: {
      email: ADMIN_EMAIL,
      password: ADMIN_PASSWORD,
      name: ADMIN_NAME,
    },
  });

  if (!result.user) {
    throw new Error("Échec création admin");
  }

  await db
    .update(user)
    .set({ role: "admin" })
    .where(eq(user.id, result.user.id));

  console.log("✅ Admin créé.");
  console.log(`   Email    : ${ADMIN_EMAIL}`);
  console.log(`   Password : ${ADMIN_PASSWORD}`);
  console.log("   ⚠️  À changer en prod.");
}

main()
  .then(() => process.exit(0))
  .catch((err) => {
    console.error("❌ Seed failed:", err);
    process.exit(1);
  });