/**
 * Authentication and authorization interfaces.
 *
 * Type declarations only: everything here is erased at compile time, so none
 * of these shapes validates or filters data at runtime. Request bodies,
 * decoded tokens and stored records still need explicit runtime checks.
 */

// -----------------------------------------------------------------------------
// User types
// -----------------------------------------------------------------------------

/** Lifecycle state of a user account. */
export type TUserStatus =
  | 'active'
  | 'suspended'
  | 'pending_verification';

/**
 * Full user record, including credential material.
 *
 * `passwordHash` and `mfaSecret` are sensitive. `IAuthResult.user` is typed as
 * this same interface, so a value of this shape must have those fields removed
 * before it is serialized into a response or written to a log.
 */
export interface IUser {
  id: string;
  email: string;
  username: string;
  /** Sensitive. The hashing scheme is not visible in this file. */
  passwordHash: string;
  displayName: string;
  avatarUrl?: string;
  status: TUserStatus;
  emailVerified: boolean;
  mfaEnabled: boolean;
  /** Sensitive. Presumably the shared MFA secret; confirm how it is protected at rest. */
  mfaSecret?: string;
  lastLoginAt?: Date;
  lastLoginIp?: string;
  /** Presumably feeds account lockout together with `lockedUntil`; the logic is not in this file. */
  failedLoginAttempts: number;
  lockedUntil?: Date;
  /**
   * Platform-wide privilege flag. `ICreateUserDto` does not declare it, but
   * that is a compile-time guarantee only.
   * NOTE(review): confirm no request handler copies this field from client input.
   */
  isPlatformAdmin: boolean;
  createdAt: Date;
  updatedAt: Date;
}

// -----------------------------------------------------------------------------
// Organization types
// -----------------------------------------------------------------------------

export type TOrganizationPlan = 'free' | 'team' | 'enterprise';

export type TOrganizationRole = 'owner' | 'admin' | 'member';

/** Per-organization policy switches; where they are enforced is not visible in this file. */
export interface IOrganizationSettings {
  requireMfa: boolean;
  allowPublicRepositories: boolean;
  defaultRepositoryVisibility: TRepositoryVisibility;
  allowedProtocols: TRegistryProtocol[];
}

export interface IOrganization {
  id: string;
  /** URL-safe slug. */
  name: string;
  displayName: string;
  description?: string;
  avatarUrl?: string;
  plan: TOrganizationPlan;
  settings: IOrganizationSettings;
  billingEmail?: string;
  isVerified: boolean;
  verifiedDomains: string[];
  storageQuotaBytes: number;
  usedStorageBytes: number;
  createdAt: Date;
  updatedAt: Date;
  createdById: string;
}

/** Links one user to one organization with a role. */
export interface IOrganizationMember {
  id: string;
  organizationId: string;
  userId: string;
  role: TOrganizationRole;
  invitedBy?: string;
  joinedAt: Date;
  createdAt: Date;
}

// -----------------------------------------------------------------------------
// Team types
// -----------------------------------------------------------------------------

export type TTeamRole = 'maintainer' | 'member';

export interface ITeam {
  id: string;
  organizationId: string;
  name: string;
  description?: string;
  isDefaultTeam: boolean;
  createdAt: Date;
  updatedAt: Date;
}

export interface ITeamMember {
  id: string;
  teamId: string;
  userId: string;
  role: TTeamRole;
  createdAt: Date;
}

// -----------------------------------------------------------------------------
// Repository types
// -----------------------------------------------------------------------------

export type TRepositoryVisibility = 'public' | 'private' | 'internal';

export type TRepositoryRole = 'admin' | 'maintainer' | 'developer' | 'reader';

export type TRegistryProtocol =
  | 'oci'
  | 'npm'
  | 'maven'
  | 'cargo'
  | 'composer'
  | 'pypi'
  | 'rubygems';

export interface IRepository {
  id: string;
  organizationId: string;
  name: string;
  description?: string;
  protocol: TRegistryProtocol;
  visibility: TRepositoryVisibility;
  storageNamespace: string;
  downloadCount: number;
  starCount: number;
  createdAt: Date;
  updatedAt: Date;
  createdById: string;
}

/**
 * A role granted on a repository to a team or to a user.
 *
 * `teamId` and `userId` are both optional, so the type also admits a grant
 * with neither or with both.
 * NOTE(review): presumably exactly one is expected; enforce that at runtime.
 */
export interface IRepositoryPermission {
  id: string;
  repositoryId: string;
  teamId?: string;
  userId?: string;
  role: TRepositoryRole;
  createdAt: Date;
  grantedById: string;
}

// -----------------------------------------------------------------------------
// Token types
// -----------------------------------------------------------------------------

/** Action a token scope may allow; `'*'` is a wildcard member of the union. */
export type TTokenAction = 'read' | 'write' | 'delete' | '*';

/**
 * One scope entry of an API token.
 *
 * `protocol` and `actions` both accept `'*'`, and both id fields are optional.
 * NOTE(review): presumably an omitted id means "not restricted to one
 * organization/repository"; confirm the authorization code treats omission
 * as intended and that wildcard scopes are only issued deliberately.
 */
export interface ITokenScope {
  protocol: TRegistryProtocol | '*';
  organizationId?: string;
  repositoryId?: string;
  actions: TTokenAction[];
}

/**
 * Stored API token record.
 *
 * The record holds `tokenHash` and `tokenPrefix` and no field for the raw
 * token; presumably the raw value is never persisted (confirm at the
 * issuing code). Protocol restrictions appear twice, in `protocols` and in
 * each `scopes[].protocol`.
 * NOTE(review): confirm how authorization combines the two.
 */
export interface IApiToken {
  id: string;
  userId: string;
  name: string;
  tokenHash: string;
  tokenPrefix: string;
  protocols: TRegistryProtocol[];
  scopes: ITokenScope[];
  /** Optional: the type permits tokens that carry no expiry. */
  expiresAt?: Date;
  lastUsedAt?: Date;
  lastUsedIp?: string;
  usageCount: number;
  isRevoked: boolean;
  revokedAt?: Date;
  revokedReason?: string;
  createdAt: Date;
  createdIp?: string;
}

// -----------------------------------------------------------------------------
// Session types
// -----------------------------------------------------------------------------

export interface ISession {
  id: string;
  userId: string;
  userAgent: string;
  ipAddress: string;
  isValid: boolean;
  invalidatedAt?: Date;
  invalidatedReason?: string;
  lastActivityAt: Date;
  createdAt: Date;
}

// -----------------------------------------------------------------------------
// JWT types
// -----------------------------------------------------------------------------

/**
 * Claims carried in an issued JWT.
 *
 * `email`, `username` and `orgs` (with roles) travel inside the token. A JWT
 * payload is normally signed rather than encrypted, so treat these values as
 * readable by anyone holding the token. Roles in `orgs` reflect the moment of
 * issuance.
 * NOTE(review): confirm whether membership is re-checked on each request or
 * trusted from the token until `exp`.
 */
export interface IJwtPayload {
  /** User ID. */
  sub: string;
  /** Issuer. */
  iss: string;
  /** Audience. */
  aud: string;
  /** Expiration. */
  exp: number;
  /** Issued at. */
  iat: number;
  /** Not before. */
  nbf: number;
  /** Token kind; a verifier should check it so a refresh token is not accepted as an access token. */
  type: 'access' | 'refresh';
  email: string;
  username: string;
  orgs: {
    id: string;
    name: string;
    role: TOrganizationRole;
  }[];
  /** Presumably refers to `ISession.id`; confirm that session validity is checked during verification. */
  sessionId: string;
}

// -----------------------------------------------------------------------------
// Auth results
// -----------------------------------------------------------------------------

/**
 * Result of a successful authentication.
 *
 * `user` is the full `IUser` shape, which declares `passwordHash` and
 * `mfaSecret`; remove both before this object crosses a trust boundary.
 * The unit of `expiresIn` is not visible in this file.
 */
export interface IAuthResult {
  accessToken: string;
  refreshToken: string;
  expiresIn: number;
  user: IUser;
}

export interface IValidatedToken {
  tokenId: string;
  userId: string;
  username: string;
  protocols: TRegistryProtocol[];
  scopes: ITokenScope[];
}

/** Outcome of an authorization decision, with an optional explanation. */
export interface IAuthorizationResult {
  authorized: boolean;
  reason?: string;
  userId?: string;
}

// -----------------------------------------------------------------------------
// Permission types
// -----------------------------------------------------------------------------

export type TPermissionAction =
  | 'repo:read'
  | 'repo:write'
  | 'repo:delete'
  | 'repo:admin'
  | 'team:read'
  | 'team:write'
  | 'team:admin'
  | 'org:read'
  | 'org:write'
  | 'org:admin'
  | 'token:create'
  | 'token:revoke';

export interface IResource {
  type: 'repository' | 'organization' | 'team' | 'user';
  id: string;
}

// -----------------------------------------------------------------------------
// Create/update DTOs
// -----------------------------------------------------------------------------

/**
 * Input for user creation.
 *
 * `password` is the plaintext credential; keep it out of logs and error
 * messages. Privileged `IUser` fields (`isPlatformAdmin`, `status`,
 * `emailVerified`) are not declared here, but extra properties in a request
 * body survive compilation, so handlers should copy only the declared fields.
 */
export interface ICreateUserDto {
  email: string;
  username: string;
  password: string;
  displayName?: string;
}

export interface ICreateOrganizationDto {
  name: string;
  displayName: string;
  description?: string;
}

export interface ICreateTeamDto {
  name: string;
  description?: string;
}

export interface ICreateRepositoryDto {
  name: string;
  description?: string;
  protocol: TRegistryProtocol;
  visibility?: TRepositoryVisibility;
}

/**
 * Input for API token creation.
 *
 * `scopes` and `protocols` are chosen by the requester.
 * NOTE(review): confirm the server rejects scopes that exceed the creating
 * user's own permissions.
 */
export interface ICreateTokenDto {
  name: string;
  protocols: TRegistryProtocol[];
  scopes: ITokenScope[];
  expiresAt?: Date;
}