package auth

import (
	"log"

	"trade/web/internal/store"
)

// Bootstrap 在 auth.db 没有任何 admin 时,从 ADMIN_USER/ADMIN_PASS 写入一条管理员;
// 已存在 admin 时静默跳过,避免轮换 env 时静默改密。
func Bootstrap(s *store.AuthStore, adminUser, adminPass string) error {
	n, err := s.CountAdmins()
	if err != nil {
		return err
	}
	if n > 0 {
		return nil
	}
	if adminUser == "" || adminPass == "" {
		log.Printf("[bootstrap] auth.db 无 admin,但 ADMIN_USER/ADMIN_PASS 未设置,跳过引导")
		return nil
	}
	hash, err := HashPassword(adminPass)
	if err != nil {
		return err
	}
	if _, err := s.CreateUser(adminUser, hash, store.RoleAdmin); err != nil {
		return err
	}
	log.Printf("[bootstrap] admin %q created", adminUser)
	return nil
}