# routes/auth_routes.py - Authentication Routes

from flask import Blueprint, request, jsonify, session, redirect, url_for, send_from_directory
from db import get_db
from auth import login_required, admin_required, get_current_user

auth_bp = Blueprint('auth', __name__)


@auth_bp.route('/login')
def login_page():
    """Serve login page."""
    if 'user_id' in session:
        return redirect(url_for('main.index'))
    return send_from_directory('templates', 'login.html')


@auth_bp.route('/api/auth/login', methods=['POST'])
def login():
    """Handle user login."""
    data = request.json
    username = data.get('username', '').strip()
    password = data.get('password', '')
    
    if not username or not password:
        return jsonify({'error': 'Username and password are required'}), 400
    
    db = get_db()
    cursor = db.cursor()
    
    cursor.execute('''
        SELECT id, username, password, role, is_active 
        FROM users WHERE username = ?
    ''', (username,))
    
    user = cursor.fetchone()
    
    if not user:
        return jsonify({'error': 'Invalid username or password'}), 401
    
    if not user['is_active']:
        return jsonify({'error': 'Account is disabled. Contact your administrator.'}), 403
    
    if user['password'] != password:
        return jsonify({'error': 'Invalid username or password'}), 401
    
    # Set session
    session['user_id'] = user['id']
    session['username'] = user['username']
    session['user_role'] = user['role']
    
    # Update last login
    cursor.execute('''
        UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = ?
    ''', (user['id'],))
    db.commit()
    
    print(f"✅ User logged in: {username} (role: {user['role']})")
    
    return jsonify({
        'success': True,
        'user': {
            'id': user['id'],
            'username': user['username'],
            'role': user['role']
        }
    })


@auth_bp.route('/api/auth/logout', methods=['POST'])
def logout():
    """Handle user logout."""
    username = session.get('username', 'Unknown')
    session.clear()
    print(f"👋 User logged out: {username}")
    return jsonify({'success': True})


@auth_bp.route('/api/auth/me', methods=['GET'])
@login_required
def get_me():
    """Get current user info."""
    user = get_current_user()
    return jsonify({'user': user})


@auth_bp.route('/api/auth/change-password', methods=['POST'])
@login_required
def change_password():
    """Change current user's password."""
    data = request.json
    current_password = data.get('current_password', '')
    new_password = data.get('new_password', '')
    
    if not current_password or not new_password:
        return jsonify({'error': 'Current password and new password are required'}), 400
    
    if len(new_password) < 4:
        return jsonify({'error': 'New password must be at least 4 characters'}), 400
    
    db = get_db()
    cursor = db.cursor()
    
    cursor.execute('SELECT password FROM users WHERE id = ?', (session['user_id'],))
    user = cursor.fetchone()
    
    if not user or user['password'] != current_password:
        return jsonify({'error': 'Current password is incorrect'}), 401
    
    cursor.execute('UPDATE users SET password = ? WHERE id = ?', (new_password, session['user_id']))
    db.commit()
    
    return jsonify({'success': True, 'message': 'Password changed successfully'})