package common

import (
	"strings"
	"sync"
	
	"github.com/shadow1ng/fscan/common"
)

// DefaultCredentialManager 默认凭据管理器实现
type DefaultCredentialManager struct {
	credentials []Credential
	lockedUsers map[string]bool
	mutex       sync.RWMutex
}

// NewPasswordCredentialManager 创建密码认证凭据管理器
func NewPasswordCredentialManager() *DefaultCredentialManager {
	mgr := &DefaultCredentialManager{
		lockedUsers: make(map[string]bool),
	}
	mgr.generatePasswordCredentials()
	return mgr
}

// NewHashCredentialManager 创建哈希认证凭据管理器
func NewHashCredentialManager() *DefaultCredentialManager {
	mgr := &DefaultCredentialManager{
		lockedUsers: make(map[string]bool),
	}
	mgr.generateHashCredentials()
	return mgr
}

// generatePasswordCredentials 生成密码凭据列表
func (m *DefaultCredentialManager) generatePasswordCredentials() {
	for _, user := range common.Userdict["smb"] {
		for _, pass := range common.Passwords {
			actualPass := strings.ReplaceAll(pass, "{user}", user)
			m.credentials = append(m.credentials, Credential{
				Username: user,
				Password: actualPass,
				Hash:     []byte{},
				IsHash:   false,
			})
		}
	}
}

// generateHashCredentials 生成哈希凭据列表
func (m *DefaultCredentialManager) generateHashCredentials() {
	for _, user := range common.Userdict["smb"] {
		for _, hash := range common.HashBytes {
			m.credentials = append(m.credentials, Credential{
				Username: user,
				Password: "",
				Hash:     hash,
				IsHash:   true,
			})
		}
	}
}

// GenerateCredentials 获取所有凭据
func (m *DefaultCredentialManager) GenerateCredentials() []Credential {
	m.mutex.RLock()
	defer m.mutex.RUnlock()
	
	result := make([]Credential, len(m.credentials))
	copy(result, m.credentials)
	return result
}

// HandleAuthFailure 处理认证失败
func (m *DefaultCredentialManager) HandleAuthFailure(username string, err error) {
	if err == nil {
		return
	}
	
	errMsg := strings.ToLower(err.Error())
	isLocked := strings.Contains(errMsg, "locked") || 
		strings.Contains(errMsg, "account has been automatically locked") ||
		strings.Contains(errMsg, "user account has been automatically locked")
	
	if isLocked {
		m.mutex.Lock()
		m.lockedUsers[username] = true
		m.mutex.Unlock()
		
		common.LogError("用户 " + username + " 已被锁定")
	}
}

// IsUserLocked 检查用户是否被锁定
func (m *DefaultCredentialManager) IsUserLocked(username string) bool {
	m.mutex.RLock()
	defer m.mutex.RUnlock()
	return m.lockedUsers[username]
}

// GetCredentialCount 获取凭据总数
func (m *DefaultCredentialManager) GetCredentialCount() int {
	m.mutex.RLock()
	defer m.mutex.RUnlock()
	return len(m.credentials)
}