#!/usr/bin/env python
"""
用户管理工具
- 用户数据存储在 users.xlsx (Excel)
- 密码使用 SHA256 哈希存储
- 支持命令行操作：add / list / delete / reset-pwd

用法：
  python user_manager.py add <username> <password> <display_name> [role]
  python user_manager.py list
  python user_manager.py delete <username>
  python user_manager.py reset-pwd <username> <new_password>
"""
import hashlib
import os
import sys
import uuid
from datetime import datetime

try:
    from openpyxl import Workbook, load_workbook
except ImportError:
    print("请先安装 openpyxl: pip install openpyxl")
    sys.exit(1)

BASE_DIR = os.path.dirname(os.path.abspath(__file__))
DB_FILE = os.path.join(BASE_DIR, "users.xlsx")

COLUMNS = ["id", "username", "password", "display_name", "phone", "role", "created_at"]


def hash_password(password: str) -> str:
    """SHA256 密码哈希"""
    salt = "zhengfangyuan2026"
    return hashlib.sha256((password + salt).encode()).hexdigest()


def verify_password(password: str, hashed: str) -> bool:
    """验证密码"""
    return hash_password(password) == hashed


def init_db():
    """初始化 Excel 数据库"""
    if not os.path.exists(DB_FILE):
        wb = Workbook()
        ws = wb.active
        ws.title = "users"
        ws.append(COLUMNS)
        # 默认管理员
        ws.append([
            str(uuid.uuid4())[:8],
            "admin",
            hash_password("admin123"),
            "管理员",
            "",
            "admin",
            datetime.now().strftime("%Y-%m-%d %H:%M:%S")
        ])
        wb.save(DB_FILE)
        print(f"已创建用户数据库: {DB_FILE}")
        print("默认管理员账号: admin / admin123")
        return True
    return False


def get_all_users():
    """获取所有用户"""
    if not os.path.exists(DB_FILE):
        init_db()
    wb = load_workbook(DB_FILE)
    ws = wb.active
    users = []
    for row in ws.iter_rows(min_row=2, values_only=True):
        if row[1]:  # username 不为空
            u = dict(zip(COLUMNS, row))
            # 兼容旧数据（无 phone 列）
            if "phone" not in u:
                u["phone"] = ""
            users.append(u)
    wb.close()
    return users


def find_user(username: str):
    """查找用户"""
    users = get_all_users()
    for u in users:
        if u["username"] == username:
            return u
    return None


def verify_user(username: str, password: str):
    """验证用户登录，成功返回用户信息，失败返回 None"""
    user = find_user(username)
    if user and verify_password(password, user["password"]):
        return {
            "username": user["username"],
            "display_name": user["display_name"],
            "phone": user.get("phone", ""),
            "role": user["role"],
        }
    return None


def add_user(username: str, password: str, display_name: str, phone: str = "", role: str = "user"):
    """添加用户"""
    if find_user(username):
        print(f"错误: 用户 '{username}' 已存在")
        return False

    if not os.path.exists(DB_FILE):
        init_db()

    wb = load_workbook(DB_FILE)
    ws = wb.active
    ws.append([
        str(uuid.uuid4())[:8],
        username,
        hash_password(password),
        display_name,
        phone,
        role,
        datetime.now().strftime("%Y-%m-%d %H:%M:%S")
    ])
    wb.save(DB_FILE)
    wb.close()
    print(f"用户 '{username}' ({display_name}) 添加成功，角色: {role}")
    return True


def list_users():
    """列出所有用户"""
    users = get_all_users()
    if not users:
        print("暂无用户")
        return

    print(f"\n{'用户名':<16} {'显示名称':<12} {'手机号':<14} {'角色':<10} {'创建时间'}")
    print("-" * 78)
    for u in users:
        print(f"{u['username']:<16} {u['display_name']:<12} {u.get('phone',''):<14} {u['role']:<10} {u['created_at']}")
    print(f"\n共 {len(users)} 个用户")


def delete_user(username: str):
    """删除用户"""
    if username == "admin":
        print("错误: 不能删除管理员账号")
        return False

    if not find_user(username):
        print(f"错误: 用户 '{username}' 不存在")
        return False

    wb = load_workbook(DB_FILE)
    ws = wb.active
    for row in ws.iter_rows(min_row=2):
        if row[1].value == username:  # username 列
            ws.delete_rows(row[0].row)
            break
    wb.save(DB_FILE)
    wb.close()

    # 同时删除该用户的内容数据
    records_file = os.path.join(BASE_DIR, "data", f"{username}_records.json")
    if os.path.exists(records_file):
        os.remove(records_file)
        print(f"已删除用户数据文件: {records_file}")

    print(f"用户 '{username}' 已删除")
    return True


def reset_password(username: str, new_password: str):
    """重置密码"""
    user = find_user(username)
    if not user:
        print(f"错误: 用户 '{username}' 不存在")
        return False

    wb = load_workbook(DB_FILE)
    ws = wb.active
    for row in ws.iter_rows(min_row=2):
        if row[1].value == username:
            row[2].value = hash_password(new_password)  # password 列
            break
    wb.save(DB_FILE)
    wb.close()
    print(f"用户 '{username}' 密码已重置")
    return True


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("用法:")
        print("  python user_manager.py init                        # 初始化数据库")
        print("  python user_manager.py add <用户名> <密码> <显示名> [手机号] [角色]")
        print("  python user_manager.py list                        # 列出所有用户")
        print("  python user_manager.py delete <用户名>              # 删除用户")
        print("  python user_manager.py reset-pwd <用户名> <新密码>  # 重置密码")
        sys.exit(1)

    cmd = sys.argv[1]

    if cmd == "init":
        init_db()
    elif cmd == "add":
        if len(sys.argv) < 5:
            print("用法: python user_manager.py add <用户名> <密码> <显示名> [手机号] [角色]")
            sys.exit(1)
        username = sys.argv[2]
        password = sys.argv[3]
        display_name = sys.argv[4]
        phone = sys.argv[5] if len(sys.argv) > 5 else ""
        role = sys.argv[6] if len(sys.argv) > 6 else "user"
        add_user(username, password, display_name, phone, role)
    elif cmd == "list":
        list_users()
    elif cmd == "delete":
        if len(sys.argv) < 3:
            print("用法: python user_manager.py delete <用户名>")
            sys.exit(1)
        delete_user(sys.argv[2])
    elif cmd == "reset-pwd":
        if len(sys.argv) < 4:
            print("用法: python user_manager.py reset-pwd <用户名> <新密码>")
            sys.exit(1)
        reset_password(sys.argv[2], sys.argv[3])
    else:
        print(f"未知命令: {cmd}")
        sys.exit(1)
