import { generateStandardId } from '@logto/shared/universal';
import type { CommonQueryMethods } from 'slonik';
import { sql } from 'slonik';

import type { AlterationScript } from '../lib/types/alteration.js';

const adminTenantId = 'admin';

const addApiData = async (pool: CommonQueryMethods) => {
  const adminApi = {
    resourceId: generateStandardId(),
    scopeId: generateStandardId(),
  };
  const cloudApi = {
    resourceId: generateStandardId(),
    scopeId: generateStandardId(),
  };
  const adminRole = {
    id: generateStandardId(),
    name: 'admin:admin',
    description: 'Admin role for Logto.',
  };

  await pool.query(sql`
    insert into resources (tenant_id, id, indicator, name)
      values (
        ${adminTenantId},
        ${adminApi.resourceId},
        'https://admin.logto.app/api',
        'Logto Management API for tenant admin'
      ), (
        ${adminTenantId},
        ${cloudApi.resourceId},
        'https://cloud.logto.io/api',
        'Logto Cloud API'
      );
  `);
  await pool.query(sql`
    insert into scopes (tenant_id, id, name, description, resource_id)
      values (
        ${adminTenantId},
        ${adminApi.scopeId},
        'all',
        'Default scope for Management API, allows all permissions.',
        ${adminApi.resourceId}
      ), (
        ${adminTenantId},
        ${cloudApi.scopeId},
        'create:tenant',
        'Allow creating new tenants.',
        ${cloudApi.resourceId}
      );
  `);
  await pool.query(sql`
    insert into roles (tenant_id, id, name, description)
      values (
        ${adminTenantId},
        ${adminRole.id},
        ${adminRole.name},
        ${adminRole.description}
      );
  `);

  const { id: userRoleId } = await pool.one<{ id: string }>(sql`
    select id from roles
    where tenant_id = ${adminTenantId}
    and name = 'user'
  `);

  await pool.query(sql`
    insert into roles_scopes (tenant_id, id, role_id, scope_id)
      values (
        ${adminTenantId},
        ${generateStandardId()},
        ${userRoleId},
        ${cloudApi.scopeId}
      ), (
        ${adminTenantId},
        ${generateStandardId()},
        ${adminRole.id},
        ${adminApi.scopeId}
      );
  `);
};

const alteration: AlterationScript = {
  up: async (pool) => {
    await addApiData(pool);
    await pool.query(sql`
      insert into logto_configs (tenant_id, key, value)
      values (
        ${adminTenantId},
        'adminConsole',
        ${sql.jsonb({
          language: 'en',
          appearanceMode: 'system',
          livePreviewChecked: false,
          applicationCreated: false,
          signInExperienceCustomized: false,
          passwordlessConfigured: false,
          selfHostingChecked: false,
          communityChecked: false,
          m2mApplicationCreated: false,
        })}
      );
    `);
  },
  down: async (pool) => {
    await pool.query(sql`
      delete from resources
        where tenant_id = ${adminTenantId}
        and indicator in ('https://admin.logto.app/api', 'https://cloud.logto.io/api');
    `);
    await pool.query(sql`
      delete from roles
        where tenant_id = ${adminTenantId}
        and name = 'admin:admin';
    `);
    await pool.query(sql`
      delete from logto_configs
        where tenant_id = ${adminTenantId}
        and key = 'adminConsole';
    `);
  },
};

export default alteration;