use crate::config::{self, Config, config_path};
use anyhow::Result;

pub async fn run(action: crate::ConfigAction) -> Result<()> {
    match action {
        crate::ConfigAction::SetDb { url } => {
            // Verify connection before writing config
            let pool = crate::db::create_pool(&url)
                .await
                .map_err(|e| anyhow::anyhow!("Database connection failed: {}", e))?;
            drop(pool);
            println!("Database connection successful.");

            let cfg = Config {
                database_url: Some(url.clone()),
            };
            config::save_config(&cfg)?;
            println!("Database URL saved to: {}", config_path()?.display());
            println!("  {}", mask_password(&url));
        }
        crate::ConfigAction::Show => {
            let cfg = config::load_config()?;
            match cfg.database_url {
                Some(url) => {
                    println!("database_url = {}", mask_password(&url));
                    println!("config file:  {}", config_path()?.display());
                }
                None => {
                    println!("Database URL not configured.");
                    println!("Run: secrets config set-db <DATABASE_URL>");
                }
            }
        }
        crate::ConfigAction::Path => {
            println!("{}", config_path()?.display());
        }
    }
    Ok(())
}

/// Mask the password in a postgres://user:password@host/db URL.
fn mask_password(url: &str) -> String {
    if let Some(at_pos) = url.rfind('@')
        && let Some(scheme_end) = url.find("://")
    {
        let prefix = &url[..scheme_end + 3];
        let credentials = &url[scheme_end + 3..at_pos];
        let rest = &url[at_pos..];
        if let Some(colon_pos) = credentials.find(':') {
            let user = &credentials[..colon_pos];
            return format!("{}{}:***{}", prefix, user, rest);
        }
    }
    url.to_string()
}