/**
 * Centralized audit logging for all admin/moderator/superuser actions
 * 
 * This ensures consistent logging across the application and provides
 * a single point of maintenance for audit trail functionality.
 */

import { supabase } from '@/lib/supabaseClient';
import { handleNonCriticalError } from '@/lib/errorHandler';

/**
 * Log any admin/moderator/superuser action to the audit trail
 * 
 * @param action - The action being performed (e.g., 'system_alert_resolved', 'role_granted')
 * @param details - Key-value pairs with action-specific details
 * @param targetUserId - The user affected by this action (optional, defaults to admin user)
 */
export async function logAdminAction(
  action: string,
  details: Record<string, any>,
  targetUserId?: string
): Promise<void> {
  try {
    const { data: { user } } = await supabase.auth.getUser();
    if (!user) {
      console.warn('Cannot log admin action: No authenticated user', { action, details });
      return;
    }

    await supabase.rpc('log_admin_action', {
      _admin_user_id: user.id,
      _target_user_id: targetUserId || user.id,
      _action: action,
      _details: details
    });
    
    console.log('✅ Admin action logged:', { action, targetUserId, hasDetails: Object.keys(details).length > 0 });
  } catch (error) {
    // Log error but don't throw - audit logging shouldn't block operations
    handleNonCriticalError(error, {
      action: 'Log admin action',
      metadata: { adminAction: action, details }
    });
  }
}