package seed

import (
	"errors"

	"0451meishiditu/backend/internal/config"
	"0451meishiditu/backend/internal/models"

	"golang.org/x/crypto/bcrypt"
	"gorm.io/gorm"
)

func EnsureInitialAdmin(db *gorm.DB, cfg config.Config) error {
	var cnt int64
	if err := db.Model(&models.AdminUser{}).Count(&cnt).Error; err != nil {
		return err
	}
	if cnt > 0 {
		return nil
	}
	if cfg.AdminInitUsername == "" || cfg.AdminInitPassword == "" {
		return errors.New("ADMIN_INIT_USERNAME and ADMIN_INIT_PASSWORD are required for initial seed")
	}

	hash, err := bcrypt.GenerateFromPassword([]byte(cfg.AdminInitPassword), bcrypt.DefaultCost)
	if err != nil {
		return err
	}

	return db.Create(&models.AdminUser{
		Username:     cfg.AdminInitUsername,
		PasswordHash: string(hash),
		Role:         "admin",
	}).Error
}