import { Controller, Get, Query } from '@nestjs/common';
import {
  IsISO8601,
  IsIn,
  IsInt,
  IsOptional,
  IsString,
  IsUUID,
  Max,
  MaxLength,
  Min,
} from 'class-validator';
import { Type } from 'class-transformer';
import { RequirePermissions } from '@common/decorators/permissions.decorator';
import type { IamAuditAction } from '@common/services/iam-audit.service';
import { IamAuditService } from '@common/services/iam-audit.service';

const IAM_AUDIT_ACTIONS: IamAuditAction[] = [
  'CREATE',
  'UPDATE',
  'DELETE',
  'ADMIN_BYPASS',
];

class QueryAuditLogsDto {
  @IsOptional()
  @IsUUID()
  actor?: string;

  @IsOptional()
  @IsIn(IAM_AUDIT_ACTIONS)
  action?: IamAuditAction;

  @IsOptional()
  @IsString()
  @MaxLength(64)
  resource?: string;

  @IsOptional()
  @IsISO8601()
  from?: string;

  @IsOptional()
  @IsISO8601()
  to?: string;

  @IsOptional()
  @Type(() => Number)
  @IsInt()
  @Min(1)
  page?: number;

  @IsOptional()
  @Type(() => Number)
  @IsInt()
  @Min(1)
  @Max(200)
  pageSize?: number;
}

/**
 * IAM 后台：审计日志查询（规则 §5.3.3.2）
 */
@Controller('iam/audit-logs')
export class IamAuditController {
  constructor(private readonly service: IamAuditService) {}

  @Get()
  @RequirePermissions('iam_admin:read')
  query(@Query() q: QueryAuditLogsDto) {
    return this.service.query({
      actor: q.actor,
      action: q.action,
      resource: q.resource,
      from: q.from ? new Date(q.from) : undefined,
      to: q.to ? new Date(q.to) : undefined,
      page: q.page,
      pageSize: q.pageSize,
    });
  }
}