const User = require('../models/User');

const DEFAULT_PASSWORD_HASH = '$2a$10$oTRgsRPyEWJf5h4pOqRyyejUH7F.90X8bzZyQat7kjBJHlJLmB9Ha';

const seedUsers = [
  {
    full_name: 'System Admin',
    email: 'admin@dss.local',
    role: 'Admin',
    phone: '9999999999'
  },
  {
    full_name: 'HR Officer',
    email: 'hr@dss.local',
    role: 'HR',
    phone: '9999999998'
  },
  {
    full_name: 'Safety Officer',
    email: 'safety@dss.local',
    role: 'Safety_Officer',
    phone: '9999999997'
  }
];

async function ensureSeedUsers() {
  for (const user of seedUsers) {
    await User.updateOne(
      { email: user.email },
      {
        $setOnInsert: {
          ...user,
          password_hash: DEFAULT_PASSWORD_HASH,
          must_reset_password: false,
          is_active: true,
          password_changed_at: new Date()
        }
      },
      { upsert: true }
    );
  }
}

module.exports = { ensureSeedUsers };