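"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.siteSettingsService = void 0;
const database_1 = require("../../config/database");
const crypto_1 = require("../../utils/crypto");
const env_1 = require("../../config/env");

// Fields to strip from public responses.
// This is a denylist: any column not named here is returned by getPublic(),
// so a new secret-bearing setting must be added to this list as well.
const SENSITIVE_FIELDS = [
    'smtpHost',
    'smtpPort',
    'smtpUser',
    'smtpPass',
    'smtpFromAddress',
    'testEmailRecipient',
    'giteaApiToken',
    'giteaOauthClientSecret',
    'smsTermuxApiUrl',
    'smsTermuxApiKey',
    'smsTailscaleApiKey',
];

// Fields that are encrypted at rest in the database
const ENCRYPTED_FIELDS = [
    'smtpPass',
    'giteaApiToken',
    'giteaOauthClientSecret',
    'smsTermuxApiKey',
    'smsTailscaleApiKey',
];

// Everything getPublic() removes. Encrypted fields are included explicitly so
// that a field added to ENCRYPTED_FIELDS alone is still withheld from public
// responses.
const PUBLIC_STRIPPED_FIELDS = new Set([...SENSITIVE_FIELDS, ...ENCRYPTED_FIELDS]);

/**
 * Fetch the settings row as stored (encrypted fields still encrypted),
 * creating an empty row when none exists yet.
 *
 * NOTE(review): findFirst followed by create is not atomic; two concurrent
 * first calls could each create a row unless the schema prevents it - confirm.
 */
async function loadOrCreateSettingsRow() {
    const existing = await database_1.prisma.siteSettings.findFirst();
    if (existing) {
        return existing;
    }
    return database_1.prisma.siteSettings.create({ data: {} });
}

/** Decrypt encrypted fields on a settings object (mutates in place) */
function decryptSettings(settings) {
    for (const field of ENCRYPTED_FIELDS) {
        const value = settings[field];
        // Only non-empty strings are treated as ciphertext; null, undefined
        // and '' are left untouched.
        if (typeof value === 'string' && value) {
            settings[field] = (0, crypto_1.decrypt)(value);
        }
    }
    return settings;
}

exports.siteSettingsService = {
    /**
     * Full settings with encrypted fields decrypted (admin use).
     * The returned object carries the plaintext of every ENCRYPTED_FIELDS
     * entry; it is not safe to log or to return to a public caller.
     */
    async get() {
        const settings = await loadOrCreateSettingsRow();
        return decryptSettings(settings);
    },

    /**
     * Full settings + _effective object resolving actual runtime SMTP config
     * (admin use).
     *
     * `_effective` reports only whether a password is configured
     * (`hasPassword`), but the spread of `settings` alongside it still
     * contains the decrypted secrets returned by get().
     */
    async getEffective() {
        const settings = await this.get();
        const provider = settings.smtpActiveProvider || 'mailhog';

        // The sender identity resolves the same way for every provider.
        const fromAddress = settings.smtpFromAddress || env_1.env.SMTP_FROM;
        const fromName = settings.emailFromName || env_1.env.SMTP_FROM_NAME;

        let host;
        let port;
        let user;
        let hasPassword;
        if (provider === 'mailhog') {
            // The mailhog provider uses a fixed host and port with no credentials.
            host = 'mailhog-changemaker';
            port = 1025;
            user = '';
            hasPassword = false;
        }
        else {
            // Stored settings win; environment values are the fallback.
            host = settings.smtpHost || env_1.env.SMTP_HOST;
            port = settings.smtpPort || env_1.env.SMTP_PORT;
            user = settings.smtpUser || env_1.env.SMTP_USER;
            hasPassword = !!(settings.smtpPass || env_1.env.SMTP_PASS);
        }

        const testMode = settings.emailTestMode;
        const testRecipient = settings.testEmailRecipient || env_1.env.TEST_EMAIL_RECIPIENT;
        return {
            ...settings,
            _effective: {
                provider,
                host,
                port,
                user,
                hasPassword,
                fromAddress,
                fromName,
                testMode,
                testRecipient,
            },
        };
    },

    /**
     * Public-safe settings (strips SMTP credentials and the other
     * SENSITIVE_FIELDS / ENCRYPTED_FIELDS entries).
     *
     * The row is read without decrypting: every encrypted field is removed
     * below, so the public path never holds plaintext secrets and a
     * decryption failure cannot break it.
     */
    async getPublic() {
        const settings = await loadOrCreateSettingsRow();
        const result = { ...settings };
        for (const field of PUBLIC_STRIPPED_FIELDS) {
            delete result[field];
        }
        return result;
    },

    /**
     * Persist a settings change and return the stored row with encrypted
     * fields decrypted (admin use).
     *
     * Non-empty string values for ENCRYPTED_FIELDS are encrypted before the
     * write; empty strings and non-string values are written unchanged.
     *
     * NOTE(review): every other key in `data` is passed to Prisma as given -
     * presumably the caller validates and restricts the keys; confirm.
     */
    async update(data) {
        // Encrypt sensitive fields before writing to DB; work on a copy so the
        // caller's object is not mutated.
        const toWrite = { ...data };
        for (const field of ENCRYPTED_FIELDS) {
            const value = toWrite[field];
            if (typeof value === 'string' && value) {
                toWrite[field] = (0, crypto_1.encrypt)(value);
            }
        }

        const existing = await database_1.prisma.siteSettings.findFirst();
        const settings = existing
            ? await database_1.prisma.siteSettings.update({
                where: { id: existing.id },
                data: toWrite,
            })
            : await database_1.prisma.siteSettings.create({ data: toWrite });
        return decryptSettings(settings);
    },
};
//# sourceMappingURL=settings.service.js.map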