<?php

namespace Database\Seeders;

use App\Models\User;
use App\Models\Role;
use Illuminate\Database\Seeder;
use Illuminate\Support\Facades\Hash;

class UserSeeder extends Seeder
{
    /**
     * Run the database seeds.
     */
    public function run(): void
    {
        // Ensure roles exist
        $this->call(RoleSeeder::class);

        // Create Admin User
        $adminRole = Role::where('slug', 'admin')->first();

        $admin = User::updateOrCreate(
            ['email' => 'admin@siteweaver.test'],
            [
                'name' => 'Primary Admin',
                'password' => Hash::make('password'),
                'is_protected' => true,
            ]
        );

        if (! $admin->roles()->where('slug', 'admin')->exists()) {
            $admin->roles()->attach($adminRole);
        }

        // Create Editor User (No 2FA for initial testing)
        $editorRole = Role::where('slug', 'editor')->first();

        $editor = User::updateOrCreate(
            ['email' => 'editor@siteweaver.test'],
            [
                'name' => 'Site Editor',
                'password' => Hash::make('password'),
                'is_protected' => false,
            ]
        );

        if (! $editor->roles()->where('slug', 'editor')->exists()) {
            $editor->roles()->attach($editorRole);
        }

        // Create 2FA Protected Admin for testing
        $secureAdmin = User::updateOrCreate(
            ['email' => '2fa@siteweaver.test'],
            [
                'name' => 'Secure Admin',
                'password' => Hash::make('password'),
                'is_protected' => true,
                'two_factor_secret' => 'MOCK_SECRET_123',
            ]
        );

        if (! $secureAdmin->roles()->where('slug', 'admin')->exists()) {
            $secureAdmin->roles()->attach($adminRole);
        }
    }
}