import os
import functools
from flask import request, Response
import configparser

# Docker paths
CONFIG_DIR = '/app/config'
AUTH_CFG = os.path.join(CONFIG_DIR, 'auth', 'auth.cfg')

# Ensure config directory exists
os.makedirs(os.path.dirname(AUTH_CFG), exist_ok=True)

# Load auth credentials with fallback defaults
BASIC_AUTH_USERNAME = "admin"
BASIC_AUTH_PASSWORD = "admin"

try:
    if os.path.exists(AUTH_CFG):
        auth_config = configparser.ConfigParser()
        auth_config.read(AUTH_CFG)
        if auth_config.has_section('auth'):
            BASIC_AUTH_USERNAME = auth_config.get('auth', 'username', fallback='admin')
            BASIC_AUTH_PASSWORD = auth_config.get('auth', 'password', fallback='admin')
            print(f"[AUTH] Loaded credentials from {AUTH_CFG}", flush=True)
        else:
            print(f"[AUTH] No [auth] section in {AUTH_CFG}, using defaults", flush=True)
    else:
        print(f"[AUTH] {AUTH_CFG} not found, using defaults", flush=True)
except Exception as e:
    print(f"[AUTH] Error loading config: {e}, using defaults", flush=True)

def check_auth(username, password):
    return username == BASIC_AUTH_USERNAME and password == BASIC_AUTH_PASSWORD

def authenticate():
    return Response(
        'Could not verify your access level for that URL.\n'
        'You have to login with proper credentials',
        401,
        {'WWW-Authenticate': 'Basic realm="Login Required"'}
    )

def requires_auth(f):
    @functools.wraps(f)
    def decorated_function(*args, **kwargs):
        auth = request.authorization
        if not auth or not check_auth(auth.username, auth.password):
            return authenticate()
        return f(*args, **kwargs)
    return decorated_function

def setup_auth(app):
    pass