import { pool } from "../../shared/db/pool.js";

const SESSION_TTL_DAYS = 14;

export async function createSession({ user_id, ip = null, user_agent = null }) {
  const sql = `
    INSERT INTO system_sessions (user_id, ip, user_agent, expires_at)
    VALUES ($1, $2, $3, NOW() + ($4 || ' days')::interval)
    RETURNING id, user_id, expires_at, created_at
  `;
  const { rows } = await pool.query(sql, [user_id, ip, user_agent, String(SESSION_TTL_DAYS)]);
  return rows[0];
}

/**
 * Devuelve user + session si la sesión existe, no está revocada y no expiró.
 */
export async function findActiveSessionWithUser(sessionId) {
  if (!sessionId) return null;
  const sql = `
    SELECT
      s.id          AS session_id,
      s.expires_at,
      s.user_id,
      u.email,
      u.name,
      u.active
    FROM system_sessions s
    JOIN system_users u ON u.id = s.user_id
    WHERE s.id = $1
      AND s.revoked_at IS NULL
      AND s.expires_at > NOW()
      AND u.active = true
    LIMIT 1
  `;
  try {
    const { rows } = await pool.query(sql, [sessionId]);
    return rows[0] || null;
  } catch {
    // sessionId inválido (no es UUID) → no es una sesión válida.
    return null;
  }
}

export async function revokeSession(sessionId) {
  if (!sessionId) return false;
  try {
    const { rowCount } = await pool.query(
      `UPDATE system_sessions SET revoked_at = NOW() WHERE id = $1 AND revoked_at IS NULL`,
      [sessionId],
    );
    return rowCount > 0;
  } catch {
    return false;
  }
}

export async function purgeExpiredSessions() {
  await pool.query(`DELETE FROM system_sessions WHERE expires_at < NOW() - INTERVAL '7 days'`);
}