/**
 * Data Service
 *
 * Replaces: ExecuteCommand, GetRDataSQL from TAmzServerImpl
 * ExecuteCommand: Runs raw SQL (Schema->Execute)
 * GetRDataSQL: Runs SQL and returns result (RDataProvider)
 *
 * SECURITY: This service executes caller-supplied raw SQL - restrict access in production!
 * Consider: an allowlist of permitted operations, audit logging
 */
import { Injectable, BadRequestException } from '@nestjs/common';
import { PrismaService } from '../prisma/prisma.service';

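/**
 * Runs caller-supplied SQL text through Prisma's raw, non-parameterized
 * execution methods.
 *
 * The SQL string is handed to the database as-is, so `validateSql` is only a
 * best-effort filter and not a security boundary. Access to this service
 * should be limited by authorization in front of it and by the privileges of
 * the database role Prisma connects with.
 */
@Injectable()
export class DataService {
  constructor(private readonly prisma: PrismaService) {}

  /**
   * Execute a single raw SQL command.
   * Maps to: ExecuteCommand(BSTR sql)
   *
   * Statements containing DROP, TRUNCATE or ALTER are rejected by
   * `validateSql`; other statement types are not filtered here.
   *
   * @param sql - one SQL statement, optionally terminated by a semicolon
   * @returns `{ success: true }` once the statement has run; the value
   *          returned by Prisma is discarded
   * @throws BadRequestException when `validateSql` rejects the statement
   */
  async executeCommand(sql: string): Promise<{ success: boolean }> {
    this.validateSql(sql);
    // The *Unsafe variant does no parameter binding: `sql` reaches the database verbatim.
    await this.prisma.$executeRawUnsafe(sql);
    return { success: true };
  }

  /**
   * Execute a SELECT and return the result rows as JSON.
   * Maps to: GetRDataSQL(sql, fname, flag) - simplified to return JSON
   *
   * @param sql - one SELECT statement, optionally terminated by a semicolon
   * @returns whatever Prisma returns for the query, typed as `unknown[]`
   * @throws BadRequestException when the statement is not a single SELECT
   */
  async queryData(sql: string): Promise<unknown[]> {
    this.validateSql(sql, true);
    // The *Unsafe variant does no parameter binding: `sql` reaches the database verbatim.
    const result = await this.prisma.$queryRawUnsafe(sql);
    return result as unknown[];
  }

  /**
   * Basic SQL validation - block obvious dangerous patterns.
   *
   * This is a textual check on the upper-cased statement, not a SQL parser.
   * It also matches semicolons and keywords that appear inside string
   * literals or comments, so such statements are rejected as well (fail
   * closed). It does not make raw SQL from an untrusted caller safe.
   *
   * @param sql - the statement to check
   * @param readOnly - if true, only allow SELECT
   * @throws BadRequestException when the statement is missing, contains more
   *         than one statement, violates `readOnly`, or contains DROP,
   *         TRUNCATE or ALTER
   */
  private validateSql(sql: string, readOnly = false): void {
    // Request bodies are not type-checked at runtime; without this guard a
    // missing or non-string value would surface as a TypeError (HTTP 500).
    if (typeof sql !== 'string') {
      throw new BadRequestException('SQL statement is required');
    }

    const normalized = sql.trim().toUpperCase();
    // Remove one optional terminating semicolon. Any semicolon left after
    // that separates statements. Testing only "does it end with ';'" let
    // "SELECT 1; DELETE FROM t;" through.
    const statement = normalized.endsWith(';')
      ? normalized.slice(0, -1).trimEnd()
      : normalized;

    if (statement.length === 0) {
      throw new BadRequestException('SQL statement is required');
    }
    if (statement.includes(';')) {
      throw new BadRequestException('Multiple SQL statements not allowed');
    }
    // Word boundary so that only the SELECT keyword itself is accepted.
    if (readOnly && !/^SELECT\b/.test(statement)) {
      throw new BadRequestException('Query endpoint only allows SELECT statements');
    }
    if (/\b(DROP|TRUNCATE|ALTER)\b/.test(statement)) {
      throw new BadRequestException('DDL operations not allowed via this endpoint');
    }
  }
}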
