"""Authentication routes - Login, Logout"""

from flask import Blueprint, render_template, request, redirect, url_for, session, jsonify
from functools import wraps
from database import db
from database.models import User
import logging

auth_bp = Blueprint('auth', __name__)
logger = logging.getLogger(__name__)


def login_required(f):
    """Decorator - require user to be logged in"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user_id' not in session:
            return redirect(url_for('auth.login'))
        return f(*args, **kwargs)
    return decorated_function


@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """Login page and authentication"""
    if request.method == 'GET':
        if 'user_id' in session:
            return redirect(url_for('main.index'))
        
        return render_template('auth/login.html')
    
    # POST - process login
    username = request.form.get('username', '').strip()
    password = request.form.get('password', '').strip()
    
    if not username or not password:
        return render_template('auth/login.html', error='Username and password required'), 400
    
    try:
        # Find user
        user = User.query.filter_by(username=username).first()
        
        if not user:
            logger.warning(f"[AUTH] Login failed - user '{username}' not found", flush=True)
            return render_template('auth/login.html', error='Invalid credentials'), 401
        
        # Check password
        if not user.check_password(password):
            logger.warning(f"[AUTH] Login failed - wrong password for '{username}'", flush=True)
            return render_template('auth/login.html', error='Invalid credentials'), 401
        
        session.clear()
        session['user_id'] = user.id
        session['username'] = user.username
        session['is_admin'] = user.is_admin
        session.permanent = True
        
        from datetime import datetime
        user.last_login = datetime.utcnow()
        db.session.commit()
        
        logger.info(f"[AUTH] User '{username}' logged in successfully", flush=True)
        
        return redirect(url_for('main.index'))
    
    except Exception as e:
        logger.error(f"[AUTH] Login error: {e}", flush=True)
        return render_template('auth/login.html', error='Login error'), 500


@auth_bp.route('/logout', methods=['GET', 'POST'])
def logout():
    """Logout"""
    username = session.get('username', 'unknown')
    session.clear()
    logger.info(f"[AUTH] User '{username}' logged out", flush=True)
    return redirect(url_for('auth.login'))


@auth_bp.route('/api/current-user', methods=['GET'])
def current_user():
    """Get current logged in user info"""
    if 'user_id' not in session:
        return jsonify({'error': 'Not authenticated', 'success': False}), 401
    
    try:
        user = User.query.get(session['user_id'])
        
        if not user:
            session.clear()
            return jsonify({'error': 'User not found', 'success': False}), 401
        
        return jsonify({
            'success': True,
            'user': {
                'id': user.id,
                'username': user.username,
                'is_admin': user.is_admin
            }
        })
    
    except Exception as e:
        logger.error(f"[AUTH] Error getting current user: {e}", flush=True)
        return jsonify({'error': str(e), 'success': False}), 500