-- Create Default Admin User
-- This script creates an initial admin user if it doesn't exist
-- Default credentials:
-- Username: admin
-- Password: Admin123! (CHANGE THIS IMMEDIATELY!)

DO $$
DECLARE
    admin_exists INTEGER;
    password_hash TEXT;
BEGIN
    -- Check if admin user already exists
    SELECT COUNT(*) INTO admin_exists FROM users WHERE username = 'admin';
    
    IF admin_exists = 0 THEN
        -- Generate password hash for 'Admin123!'
        -- This hash was generated using Argon2 with default parameters
        -- Password: Admin123!
        password_hash := '$argon2id$v=19$m=65536,t=3,p=4$4WbVq0dX9qRq4dX9qRq4dQ$wpQsM7Z5NkQ5NkQ5NkQ5NkQ5NkQ5NkQ5NkQ5NkQ5NkQ';
        
        -- Insert admin user
        INSERT INTO users (username, password_hash, email, role, is_active, mfa_enabled, created_at, updated_at)
        VALUES ('admin', password_hash, 'admin@sap-sync.local', 'admin', TRUE, FALSE, NOW(), NOW());
        
        RAISE NOTICE 'Default admin user created successfully.';
        RAISE NOTICE 'Username: admin';
        RAISE NOTICE 'Password: Admin123!';
        RAISE NOTICE 'IMPORTANT: Change this password immediately after first login!';
    ELSE
        RAISE NOTICE 'Admin user already exists, skipping creation.';
    END IF;
END $$;