import { Injectable, Logger } from '@nestjs/common';
import { Cron, CronExpression } from '@nestjs/schedule';
import { AccessReviewService } from '@common/services/access-review.service';

/**
 * Access Review 定时扫描（规则 §5.3.15）
 *
 * 每天凌晨 2 点扫描超期（>120 天）未复核的 UserRole，触发告警。
 * 使用 @nestjs/schedule 已在 app.module.ts 注册。
 */
@Injectable()
export class AccessReviewSchedulerService {
  private readonly logger = new Logger(AccessReviewSchedulerService.name);

  constructor(private readonly accessReview: AccessReviewService) {}

  @Cron(CronExpression.EVERY_DAY_AT_2AM, {
    name: 'access-review-scan',
    timeZone: 'Asia/Shanghai',
  })
  async handleDailyScan() {
    try {
      const overdue = await this.accessReview.scanAndAlert();
      this.logger.log(`Access Review 扫描完成，超期 ${overdue.length} 条`);
    } catch (err: any) {
      this.logger.error(
        `Access Review 扫描失败：${err.message}`,
        err.stack,
      );
    }
  }
}