import { requestClient } from '#/api/request';

// 安全配置接口
export interface SecurityConfig {
  password?: {
    enablePasswordStrength: boolean;
    minPasswordLength: number;
    requireLowercase: boolean;
    requireUppercase: boolean;
    requireNumbers: boolean;
    requireSpecialChars: boolean;
    forbidCommonPasswords: boolean;
    passwordExpireDays: number;
    passwordHistoryLimit: number;
    forcePasswordChange: boolean;
  };
  login?: {
    maxLoginAttempts: number;
    lockoutDuration: number;
    enableLoginCaptcha: boolean;
    captchaTriggerAttempts: number;
    enableTwoFactor: boolean;
    forceTwoFactor: boolean;
    sessionTimeout: number;
    enableSingleSignOn: boolean;
    recordLoginLog: boolean;
  };
  ip?: {
    enableIpControl: boolean;
    accessMode: 'whitelist' | 'blacklist';
    ipWhitelist: string[];
    ipBlacklist: string[];
    adminIpWhitelist: string[];
  };
  audit?: {
    enableAudit: boolean;
    auditLoginLogout: boolean;
    auditUserManagement: boolean;
    auditRoleManagement: boolean;
    auditPermissionManagement: boolean;
    auditSystemConfig: boolean;
    auditDataExport: boolean;
    auditFileUpload: boolean;
    auditSensitiveOperations: boolean;
    auditLogRetention: number;
    enableSecondaryConfirm: boolean;
    confirmDeleteUser: boolean;
    confirmResetPassword: boolean;
    confirmModifyRole: boolean;
    confirmSystemBackup: boolean;
    confirmSystemRestore: boolean;
    confirmClearData: boolean;
    enableAnomalyDetection: boolean;
  };
}

// 安全统计接口
export interface SecurityStats {
  totalLoginAttempts: number;
  failedLoginAttempts: number;
  lockedAccounts: number;
  activeAuditLogs: number;
  blockedIpCount: number;
  securityEvents: {
    date: string;
    loginAttempts: number;
    failedLogins: number;
    securityAlerts: number;
  }[];
}

// 安全日志接口
export interface SecurityLog {
  id: string;
  userId: string;
  username: string;
  action: string;
  resource: string;
  ip: string;
  userAgent: string;
  result: 'success' | 'failed' | 'blocked';
  riskLevel: 'low' | 'medium' | 'high';
  details: string;
  createdAt: string;
}

// IP测试结果接口
export interface IpTestResult {
  ip: string;
  allowed: boolean;
  reason: string;
  matchedRule?: string;
}

// 更新安全配置参数
export interface UpdateSecurityConfigParams {
  type: 'password' | 'login' | 'ip' | 'audit';
  config: any;
}

// 获取安全配置
export function getSecurityConfigApi() {
  return requestClient.get<SecurityConfig>('/api/common/security/config');
}

// 更新安全配置
export function updateSecurityConfigApi(data: UpdateSecurityConfigParams) {
  return requestClient.put('/api/common/security/config', data);
}

// 重置安全配置
export function resetSecurityConfigApi(type: string) {
  return requestClient.post(`/api/common/security/config/reset/${type}`);
}

// 测试安全配置
export function testSecurityConfigApi(type: string, config: any) {
  return requestClient.post(`/api/common/security/config/test/${type}`, { config });
}

// 获取安全统计
export function getSecurityStatsApi(params?: {
  startDate?: string;
  endDate?: string;
  type?: string;
}) {
  return requestClient.get<SecurityStats>('/api/common/security/stats', { params });
}

// 获取安全日志
export function getSecurityLogsApi(params?: {
  page?: number;
  pageSize?: number;
  userId?: string;
  action?: string;
  result?: string;
  riskLevel?: string;
  startDate?: string;
  endDate?: string;
  ip?: string;
}) {
  return requestClient.get<{
    list: SecurityLog[];
    total: number;
    page: number;
    pageSize: number;
  }>('/api/common/security/logs', { params });
}

// 清理安全日志
export function cleanSecurityLogsApi(params: {
  beforeDate: string;
  logType?: string;
}) {
  return requestClient.delete('/api/common/security/logs/clean', { data: params });
}

// 导出安全日志
export function exportSecurityLogsApi(params?: {
  startDate?: string;
  endDate?: string;
  format?: 'excel' | 'csv';
  userId?: string;
  action?: string;
}) {
  return requestClient.post('/api/common/security/logs/export', params, {
    responseType: 'blob',
  });
}

// 测试IP访问
export function testIpAccessApi() {
  return requestClient.get<IpTestResult>('/api/common/security/ip/test');
}

// 解锁账户
export function unlockAccountApi(userId: string) {
  return requestClient.post(`/api/common/security/account/unlock/${userId}`);
}

// 批量解锁账户
export function batchUnlockAccountApi(userIds: string[]) {
  return requestClient.post('/api/common/security/account/unlock/batch', { userIds });
}

// 强制下线用户
export function forceLogoutUserApi(userId: string) {
  return requestClient.post(`/api/common/security/session/logout/${userId}`);
}

// 批量强制下线用户
export function batchForceLogoutUserApi(userIds: string[]) {
  return requestClient.post('/api/common/security/session/logout/batch', { userIds });
}

// 获取在线用户
export function getOnlineUsersApi(params?: {
  page?: number;
  pageSize?: number;
  username?: string;
  ip?: string;
}) {
  return requestClient.get('/api/common/security/session/online', { params });
}

// 验证安全配置
export function validateSecurityConfigApi(type: string, config: any) {
  return requestClient.post(`/api/common/security/config/validate/${type}`, { config });
}

// 获取安全配置模板
export function getSecurityConfigTemplateApi(type: string) {
  return requestClient.get(`/api/common/security/config/template/${type}`);
}

// 安全扫描
export function securityScanApi() {
  return requestClient.post('/api/common/security/scan');
}

// 获取安全建议
export function getSecuritySuggestionsApi() {
  return requestClient.get('/api/common/security/suggestions');
}

// 应用安全建议
export function applySecuritySuggestionApi(suggestionId: string) {
  return requestClient.post(`/api/common/security/suggestions/apply/${suggestionId}`);
}