use chrono::{DateTime, Utc};
use serde::{Deserialize, Serialize};
use uuid::Uuid;

/// User record from the database
#[derive(Debug, Clone, sqlx::FromRow, Serialize)]
pub struct User {
    pub id: Uuid,
    pub email: String,
    pub username: String,
    #[serde(skip_serializing)]
    pub password_hash: String,
    #[serde(skip_serializing)]
    pub totp_secret: Option<String>,
    pub totp_enabled: bool,
    #[serde(skip_serializing)]
    pub backup_codes: Option<Vec<String>>,
    pub email_verified: bool,
    pub created_at: DateTime<Utc>,
    pub last_login_at: Option<DateTime<Utc>>,
}

/// JWT claims
#[derive(Debug, Serialize, Deserialize)]
pub struct Claims {
    pub sub: Uuid,          // user_id
    pub email: String,
    pub license_id: Option<Uuid>,
    pub role: Option<String>,
    pub is_super_admin: bool,
    pub exp: i64,
    pub iat: i64,
    pub token_type: String, // "access" or "refresh"
}

/// Login request
#[derive(Debug, Deserialize)]
pub struct LoginRequest {
    pub email: String,
    pub password: String,
}

/// Login response
#[derive(Debug, Serialize)]
pub struct AuthResponse {
    pub access_token: String,
    pub refresh_token: String,
    pub requires_totp: bool,
    pub user: UserPublic,
}

/// Public user info (no sensitive fields)
#[derive(Debug, Serialize)]
pub struct UserPublic {
    pub id: Uuid,
    pub email: String,
    pub username: String,
    pub totp_enabled: bool,
    pub email_verified: bool,
    pub is_super_admin: bool,
}

/// Registration request
#[derive(Debug, Deserialize)]
pub struct RegisterRequest {
    pub email: String,
    pub username: String,
    pub password: String,
    pub license_key: String,
}

/// TOTP verification request
#[derive(Debug, Deserialize)]
pub struct TotpRequest {
    pub code: String,
}