from __future__ import annotations

import logging
from typing import Any

from app.integrations.seeyon import SeeyonClient
from app.jobs.base import BaseJob


logger = logging.getLogger("connecthub.extensions.sync_oa_to_didi")


def _mask_token(token: str) -> str:
    token = token or ""
    if len(token) <= 12:
        return "***"
    return f"{token[:6]}***{token[-4:]}"


class SyncOAToDidiTokenJob(BaseJob):
    """
    示例 Job：演示致远 OA 的 token 获取与日志记录（不做任何业务同步）。

    public_cfg:
      - base_url: "https://oa.example.com"

    secret_cfg (解密后):
      - rest_user
      - rest_password
      - loginName (可选)
    """

    job_id = "sync_oa_to_didi.token_demo"

    def run(self, params: dict[str, Any], secrets: dict[str, Any]) -> dict[str, Any]:
        base_url = str(params.get("base_url") or "").strip()
        if not base_url:
            raise ValueError("public_cfg.base_url is required")

        rest_user = str(secrets.get("rest_user") or "").strip()
        rest_password = str(secrets.get("rest_password") or "").strip()
        login_name = secrets.get("loginName")
        login_name = str(login_name).strip() if login_name else None

        if not rest_user or not rest_password:
            raise ValueError("secret_cfg.rest_user and secret_cfg.rest_password are required")

        client = SeeyonClient(base_url=base_url, rest_user=rest_user, rest_password=rest_password, loginName=login_name)
        try:
            token = client.authenticate()
        finally:
            client.close()

        masked = _mask_token(token)
        logger.info("Seeyon token acquired (masked) token=%s loginName=%s base_url=%s", masked, login_name, base_url)
        return {"token_masked": masked, "loginName": login_name or "", "base_url": base_url}