package com.social.media.application.user.handler;

import com.social.media.application.user.command.ConfirmPasswordResetCommand;
import com.social.media.domain.user.aggregate.User;
import com.social.media.domain.user.repository.UserRepository;
import com.social.media.domain.shared.exception.BusinessRuleViolationException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import java.time.LocalDateTime;

@Service
public class ConfirmPasswordResetCommandHandler {
    
    private final UserRepository userRepository;
    private final PasswordEncoder passwordEncoder;
    
    public ConfirmPasswordResetCommandHandler(UserRepository userRepository, PasswordEncoder passwordEncoder) {
        this.userRepository = userRepository;
        this.passwordEncoder = passwordEncoder;
    }
    
    @Transactional
    public void handle(ConfirmPasswordResetCommand command) {
        User user = userRepository.findByPasswordResetToken(command.token())
            .orElseThrow(() -> new BusinessRuleViolationException("Invalid or expired reset token"));
        
        // Check if token is still valid (not expired)
        if (user.getPasswordResetExpiry() == null || user.getPasswordResetExpiry().isBefore(LocalDateTime.now())) {
            throw new BusinessRuleViolationException("Password reset token has expired");
        }
        
        // Encode new password and update
        String encodedPassword = passwordEncoder.encode(command.newPassword());
        user.changePassword(encodedPassword);
        
        // Clear reset token
        user.setPasswordResetToken(null, null);
        
        userRepository.save(user);
    }
}
