"""
One-shot script to create the super admin user in MariaDB.
Run from: d:\\ABCD\\stemgenius_new_app\\backend
"""
import secrets
import string
import sys
import os

# Use bcrypt directly — no ORM imports needed
import bcrypt
import pymysql
from dotenv import load_dotenv

load_dotenv(os.path.join(os.path.dirname(__file__), ".env"))


def generate_secure_password(length: int = 20) -> str:
    alphabet = string.ascii_letters + string.digits + "!@#$%^&*()-_=+"
    password = [
        secrets.choice(string.ascii_uppercase),
        secrets.choice(string.ascii_lowercase),
        secrets.choice(string.digits),
        secrets.choice("!@#$%^&*()-_=+"),
    ]
    password += [secrets.choice(alphabet) for _ in range(length - 4)]
    secrets.SystemRandom().shuffle(password)
    return "".join(password)


def create_superadmin():
    username = "stemadmin"
    password = generate_secure_password(20)
    password_hash = bcrypt.hashpw(password.encode(), bcrypt.gensalt(12)).decode()

    db_host = os.getenv("DB_HOST", "localhost")
    db_port = int(os.getenv("DB_PORT", 3306))
    db_name = os.getenv("DB_NAME", "stemgenius_db")
    db_user = os.getenv("DB_USER", "root")
    db_password = os.getenv("DB_PASSWORD", "")

    conn = pymysql.connect(
        host=db_host,
        port=db_port,
        database=db_name,
        user=db_user,
        password=db_password,
        charset="utf8mb4",
    )
    try:
        with conn.cursor() as cur:
            # Check existing
            cur.execute("SELECT id FROM users WHERE username = %s", (username,))
            row = cur.fetchone()
            if row:
                print(f"WARNING: User '{username}' already exists (id={row[0]}). Aborting.")
                return

            cur.execute(
                """INSERT INTO users
                   (stem_id, username, email, password_hash,
                    first_name, last_name, role,
                    is_active, is_email_verified, is_phone_verified,
                    failed_login_attempts)
                   VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s)""",
                (
                    "ADM-000001",
                    username,
                    "stemadmin@stemgenius.local",
                    password_hash,
                    "Stem",
                    "Admin",
                    "super_admin",
                    1,
                    1,
                    0,
                    0,
                ),
            )
            conn.commit()
            new_id = cur.lastrowid
    finally:
        conn.close()

    print("=" * 50)
    print("Super admin created successfully!")
    print(f"   Username : {username}")
    print(f"   Password : {password}")
    print(f"   Role     : super_admin")
    print(f"   User ID  : {new_id}")
    print("=" * 50)
    print("Save this password — it will NOT be shown again.")


if __name__ == "__main__":
    create_superadmin()