package entities

import (
	"time"

	"go.mongodb.org/mongo-driver/v2/bson"
)

// AuthProvider represents a configured OAuth/OIDC provider
type AuthProvider struct {
	ID               bson.ObjectID `bson:"_id,omitempty"`
	Name             string        `bson:"name"`
	Type             string        `bson:"type"` // "oidc", "oauth2"
	ClientID         string        `bson:"client_id"`
	ClientSecret     string        `bson:"client_secret"` // Encrypted in DB
	AuthorizationURL string        `bson:"authorization_url"`
	TokenURL         string        `bson:"token_url"`
	UserInfoURL      string        `bson:"userinfo_url"`
	Scopes           []string      `bson:"scopes"`
	IDTokenClaim     string        `bson:"id_token_claim,omitempty"`
	IsActive         bool          `bson:"is_active"`
	CreatedAt        time.Time     `bson:"created_at"`
	UpdatedAt        time.Time     `bson:"updated_at"`
}

// LoginAttempt tracks login attempts for brute-force protection
type LoginAttempt struct {
	ID        bson.ObjectID `bson:"_id,omitempty"`
	Email     string        `bson:"email"`
	IPAddress string        `bson:"ip_address"`
	Success   bool          `bson:"success"`
	Reason    string        `bson:"reason,omitempty"`
	CreatedAt time.Time     `bson:"created_at"`
	ExpiresAt time.Time     `bson:"expires_at"`
}

// FeatureFlags controls app-wide behavior toggles.
type FeatureFlags struct {
	RegistrationEnabled  bool `bson:"registration_enabled"`
	ProviderLoginEnabled bool `bson:"provider_login_enabled"`
	PublicSharingEnabled bool `bson:"public_sharing_enabled"`
}

// NewDefaultFeatureFlags returns safe defaults for a new deployment.
func NewDefaultFeatureFlags() *FeatureFlags {
	return &FeatureFlags{
		RegistrationEnabled:  true,
		ProviderLoginEnabled: true,
		PublicSharingEnabled: true,
	}
}