CREATE EXTENSION pgcrypto; -- para los random bytes
-- 1. Función de generacion de uuidv7 copiada de github porque no está en postgre 16
CREATE OR REPLACE FUNCTION
  uuid_generate_v7()
RETURNS
  uuid
LANGUAGE
  plpgsql
PARALLEL SAFE
AS $$
  DECLARE
    -- The current UNIX timestamp in milliseconds
    unix_time_ms CONSTANT bytea NOT NULL DEFAULT substring(int8send((extract(epoch FROM clock_timestamp()) * 1000)::bigint) from 3);

    -- The buffer used to create the UUID, starting with the UNIX timestamp and followed by random bytes
    buffer                bytea NOT NULL DEFAULT unix_time_ms || gen_random_bytes(10);
  BEGIN
    -- Set most significant 4 bits of 7th byte to 7 (for UUID v7), keeping the last 4 bits unchanged
    buffer = set_byte(buffer, 6, (b'0111' || get_byte(buffer, 6)::bit(4))::bit(8)::int);

    -- Set most significant 2 bits of 9th byte to 2 (the UUID variant specified in RFC 4122), keeping the last 6 bits unchanged
    buffer = set_byte(buffer, 8, (b'10'   || get_byte(buffer, 8)::bit(6))::bit(8)::int);

    RETURN encode(buffer, 'hex');
  END
$$
;

-- 2. Tabla de Tarjetas
-- NUNCA se guarda el numero completo (PAN). Solo los últimos 4 dígitos.
CREATE TABLE payment_cards (
    card_id             UUID PRIMARY KEY DEFAULT uuid_generate_v7(),
    user_id             UUID REFERENCES users(user_id),
    pan_last_four       VARCHAR(4) NOT NULL,
    card_holder_name    VARCHAR(100) NOT NULL,
    status              VARCHAR(20) DEFAULT 'PENDING_ACTIVATION', -- PENDING, ACTIVE, BLOCKED, EXPIRED
    created_at          TIMESTAMPTZ DEFAULT NOW(),
    activated_at        TIMESTAMPTZ
);

-- 3. Tabla de Códigos de Activación
CREATE TABLE activation_codes (
    code_id         UUID PRIMARY KEY DEFAULT uuid_generate_v7(),
    card_id         UUID REFERENCES payment_cards(card_id), -- Una tarjeta, maximo un un código activo borrar o solo con expires_at?
    code_hash       TEXT NOT NULL, -- Guardar el código hasheado, el original se imprime y se manda
    is_used         BOOLEAN DEFAULT FALSE,
    is_blocked      BOOLEAN DEFAULT FALSE,
    failed_attempts INT DEFAULT 0,
    expires_at      TIMESTAMPTZ NOT NULL,
    created_at      TIMESTAMPTZ DEFAULT NOW()
);

-- 4. Registro de Auditoría y Dispositivos (Log de Uso)
CREATE TABLE activation_logs (
    log_id          UUID PRIMARY KEY DEFAULT uuid_generate_v7(),
    card_id         UUID REFERENCES payment_cards(card_id),
    code_id         UUID REFERENCES activation_codes(code_id),
    action_type     VARCHAR(50) NOT NULL, -- TODO: CREAR ENUM'GENERATED', 'ATTEMPT_FAILED', 'ACTIVATED'
    ip_address      INET,
    device_info     JSONB, -- Almacena user-agent, modelo, SO, etc.
    geo_location    VARCHAR(100), -- Opcional: Ciudad/País derivado de IP
    created_at      TIMESTAMPTZ DEFAULT NOW()
);

CREATE OR REPLACE FUNCTION log_activation_attempt()
RETURNS TRIGGER AS $$
BEGIN
    -- Si el intento falló (esto lo controlas desde tu lógica de UPDATE)
    -- Hay que barajar si es viable hacer los updates de failed_attempts desde aquí
    -- y nó desde código. 
    IF NEW.failed_attempts > OLD.failed_attempts THEN
        INSERT INTO activation_logs (card_id, action_type, created_at)
        VALUES (NEW.card_id, 'FAILED_ATTEMPT', NOW());
    END IF;
    
    -- Bloqueo automático si llega al límite
    IF NEW.failed_attempts >= 3 THEN
        NEW.is_blocked := TRUE;
    END IF;
    
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

CREATE TRIGGER trg_check_attempts
BEFORE UPDATE ON activation_codes
FOR EACH ROW EXECUTE FUNCTION log_activation_attempt();