// Package authblock defines the dedicated pre-user auth-block entity stored by
// User Service.
package authblock

import (
	"fmt"
	"time"

	"galaxy/user/internal/domain/common"
)

// BlockedEmailSubject stores a blocked e-mail subject that may exist before
// any user account exists.
type BlockedEmailSubject struct {
	// Email stores the normalized blocked e-mail subject.
	Email common.Email

	// ReasonCode stores the machine-readable reason for the block.
	ReasonCode common.ReasonCode

	// BlockedAt stores when the block became effective.
	BlockedAt time.Time

	// Actor stores optional audit metadata for the block initiator.
	Actor common.ActorRef

	// ResolvedUserID stores the linked user when the blocked e-mail already
	// belongs to an existing account.
	ResolvedUserID common.UserID
}

// Validate reports whether BlockedEmailSubject satisfies the frozen Stage 02
// structural invariants.
func (record BlockedEmailSubject) Validate() error {
	if err := record.Email.Validate(); err != nil {
		return fmt.Errorf("blocked email subject email: %w", err)
	}
	if err := record.ReasonCode.Validate(); err != nil {
		return fmt.Errorf("blocked email subject reason code: %w", err)
	}
	if err := common.ValidateTimestamp("blocked email subject blocked at", record.BlockedAt); err != nil {
		return err
	}
	if !record.Actor.IsZero() {
		if err := record.Actor.Validate(); err != nil {
			return fmt.Errorf("blocked email subject actor: %w", err)
		}
	}
	if !record.ResolvedUserID.IsZero() {
		if err := record.ResolvedUserID.Validate(); err != nil {
			return fmt.Errorf("blocked email subject resolved user id: %w", err)
		}
	}

	return nil
}