#!/usr/bin/env dotnet-script
#r "nuget: MongoDB.Driver, 2.23.1"

using System;
using System.Security.Cryptography;
using MongoDB.Driver;
using MongoDB.Bson;

// Configuration
var connectionString = "mongodb://localhost:27017";
var databaseName = "SkyArtShopDB";
var collectionName = "AdminUsers";
var adminEmail = "admin@skyartshop.com";

// Get password from command line or use default
var newPassword = Args.Count > 0 ? Args[0] : "Admin123!";

Console.WriteLine("========================================");
Console.WriteLine("SkyArt Shop - Direct Password Reset");
Console.WriteLine("========================================");
Console.WriteLine();
Console.WriteLine($"Email: {adminEmail}");
Console.WriteLine($"New Password: {newPassword}");
Console.WriteLine();

// Hash password using PBKDF2 (same as AuthService)
string HashPassword(string password)
{
    using var rng = RandomNumberGenerator.Create();
    var salt = new byte[16];
    rng.GetBytes(salt);

    using var pbkdf2 = new Rfc2898DeriveBytes(password, salt, 10000, HashAlgorithmName.SHA256);
    var hash = pbkdf2.GetBytes(32);

    var hashBytes = new byte[48];
    Array.Copy(salt, 0, hashBytes, 0, 16);
    Array.Copy(hash, 0, hashBytes, 16, 32);

    return Convert.ToBase64String(hashBytes);
}

try
{
    var client = new MongoClient(connectionString);
    var database = client.GetDatabase(databaseName);
    var collection = database.GetCollection<BsonDocument>(collectionName);

    // Find existing admin
    var filter = Builders<BsonDocument>.Filter.Eq("Email", adminEmail);
    var existingUser = await collection.Find(filter).FirstOrDefaultAsync();

    var newPasswordHash = HashPassword(newPassword);

    if (existingUser != null)
    {
        // Update existing user
        var update = Builders<BsonDocument>.Update
            .Set("PasswordHash", newPasswordHash)
            .Set("LastLogin", DateTime.UtcNow);

        var result = await collection.UpdateOneAsync(filter, update);
        
        if (result.ModifiedCount > 0)
        {
            Console.WriteLine("✓ Password updated successfully!");
        }
        else
        {
            Console.WriteLine("⚠️  User found but not updated");
        }
    }
    else
    {
        // Create new admin user
        var newUser = new BsonDocument
        {
            { "Email", adminEmail },
            { "PasswordHash", newPasswordHash },
            { "Name", "System Administrator" },
            { "Role", "MasterAdmin" },
            { "Permissions", new BsonArray 
                { 
                    "manage_users", "manage_products", "manage_orders", 
                    "manage_content", "manage_settings", "view_reports", 
                    "manage_finances", "manage_inventory", "manage_customers", 
                    "manage_blog", "manage_portfolio", "manage_pages" 
                } 
            },
            { "IsActive", true },
            { "CreatedAt", DateTime.UtcNow },
            { "LastLogin", BsonNull.Value },
            { "CreatedBy", "Direct Reset Script" },
            { "Phone", BsonNull.Value },
            { "Notes", $"Created via direct reset on {DateTime.UtcNow:yyyy-MM-dd HH:mm:ss}" }
        };

        await collection.InsertOneAsync(newUser);
        Console.WriteLine("✓ New admin user created!");
    }

    Console.WriteLine();
    Console.WriteLine("========================================");
    Console.WriteLine("✓ Success!");
    Console.WriteLine("========================================");
    Console.WriteLine();
    Console.WriteLine("Login credentials:");
    Console.WriteLine($"  Email: {adminEmail}");
    Console.WriteLine($"  Password: {newPassword}");
    Console.WriteLine();
    Console.WriteLine("Login URL: https://skyarts.ddns.net/admin/login");
    Console.WriteLine();
}
catch (Exception ex)
{
    Console.WriteLine($"✗ Error: {ex.Message}");
    Environment.Exit(1);
}