-- Seed lessons into the database
-- This runs automatically when the database is first initialized

INSERT INTO lessons (lesson_key, title, description, module_path, config_path, difficulty_level, estimated_duration) VALUES
-- Existing lesson
('phishing-email-basics', 'Phishing Email Detection Basics', 'Learn to identify common phishing tactics in emails and protect yourself from email-based attacks', 'phishing-email-basics', 'phishing-email-basics.yaml', 'beginner', 15),

-- SQL Injection lesson
('sql-injection-shop', 'SQL Injection Attack - Online Shop Demo', 'Learn how SQL injection vulnerabilities work through a realistic online shop scenario', 'sql-injection-shop', 'sql-injection-shop.yaml', 'intermediate', 20),

-- Browser-in-the-Browser lesson
('browser-in-browser-attack', 'Browser-in-the-Browser Attack', 'Learn to recognize fake browser windows used in phishing attacks', 'browser-in-browser-attack', 'browser-in-browser-attack.yaml', 'advanced', 25),

-- New offensive security lessons
-- Combined XSS lesson (replaces xss-deeplink-demo and script-injection-forum)
('xss-comprehensive', 'Cross-Site Scripting (XSS) - Reflected & Stored Angriffe', 'Lernen Sie, wie XSS-Angriffe durch URL-Manipulation und benutzergenerierte Inhalte funktionieren und wie man sie erkennt', 'xss-comprehensive', 'xss-comprehensive.yaml', 'intermediate', 35),

('social-engineering-password', 'Social Engineering - Passwortsicherheit', 'Lernen Sie, wie persönliche Informationen aus sozialen Medien zu schwachen Passwörtern führen können', 'social-engineering-password', 'social-engineering-password.yaml', 'beginner', 20),

('idor-demo', 'IDOR - Insecure Direct Object Reference', 'Learn how insecure direct object references allow unauthorized access to other users'' data through URL manipulation', 'idor-demo', 'idor-demo.yaml', 'intermediate', 22)

ON CONFLICT (lesson_key) DO NOTHING;