"""
Authentication API routes.
"""

from typing import Any
from fastapi import APIRouter, Depends, HTTPException, status, Request
from sqlalchemy.orm import Session

from src.core.database import get_db
from src.apps.auth import services
from src.apps.auth.schemas.auth_common import (
    LoginRequestSchema,
    LoginResponseSchema,
    RegisterRequestSchema,
    RegisterResponseSchema,
    RefreshTokenRequestSchema,
    AuthTokenSchema,
    LogoutResponseSchema,
    UserProfileSchema,
)
from src.apps.auth.utils.auth import get_current_user, get_current_active_user
from src.apps.users.models.user import User

router = APIRouter()


@router.post("/login", response_model=LoginResponseSchema, status_code=status.HTTP_200_OK)
def login(
    *,
    db: Session = Depends(get_db),
    login_data: LoginRequestSchema,
    request: Request,
) -> Any:
    """
    Authenticate user by email and password.
    """
    # Extract client information
    ip_address = request.client.host if request.client else None
    user_agent = request.headers.get("user-agent")
    
    login_response, message = services.login_user(
        db, 
        login_data, 
        ip_address=ip_address, 
        user_agent=user_agent
    )
    
    if not login_response:
        if "Incorrect email or password" in message:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail=message
            )
        else:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail=message
            )
    
    return login_response


# @router.post("/register", response_model=RegisterResponseSchema, status_code=status.HTTP_201_CREATED)
# def register(
#     *,
#     db: Session = Depends(get_db),
#     register_data: RegisterRequestSchema,
# ) -> Any:
#     """
#     Register a new user.
#     """
#     # Check if user with this email already exists
#     existing_user = services.get_user_by_email(db, email=register_data.email)
#     if existing_user:
#         raise HTTPException(
#             status_code=status.HTTP_400_BAD_REQUEST,
#             detail="User with this email already exists"
#         )
    
#     # Register user using services
#     register_response, message = services.register_user(db, register_data)
#     if register_response is None:
#         raise HTTPException(
#             status_code=status.HTTP_400_BAD_REQUEST,
#             detail=message
#         )
    
#     return register_response


@router.post("/refresh", response_model=AuthTokenSchema, status_code=status.HTTP_200_OK)
def refresh_token(
    *,
    db: Session = Depends(get_db),
    refresh_request: RefreshTokenRequestSchema,
) -> Any:
    """
    Refresh access token using refresh token.
    """
    token_response, message = services.refresh_access_token(db, refresh_request)
    
    if not token_response:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=message
        )
    
    return token_response


@router.post("/logout", response_model=LogoutResponseSchema, status_code=status.HTTP_200_OK)
def logout(
    *,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
    request: Request,
) -> Any:
    """
    Logout current user (revoke current session).
    """
    # Extract token from the authorization header
    auth_header = request.headers.get("authorization")
    if not auth_header or not auth_header.startswith("Bearer "):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid authorization header"
        )
    
    token = auth_header.replace("Bearer ", "")
    
    # Revoke the specific session using the access token
    success = services.revoke_session_by_token(db, token)
    
    logout_response = LogoutResponseSchema(
        message="Logout successful",
        logged_out_sessions=1 if success else 0
    )
    
    return logout_response


@router.post("/logout-all", response_model=LogoutResponseSchema, status_code=status.HTTP_200_OK)
def logout_all_sessions(
    *,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user),
) -> Any:
    """
    Logout user from all sessions (revoke all user sessions).
    """
    logout_response, message = services.logout_user(db, user_id=current_user.id)
    
    return logout_response


@router.get("/me", response_model=UserProfileSchema, status_code=status.HTTP_200_OK)
def get_current_user_info(
    *,
    current_user: User = Depends(get_current_active_user),
) -> Any:
    """
    Get current authenticated user information.
    """
    return services.get_current_user_profile(current_user)


# TODO: Implement additional auth endpoints as needed
# @router.post("/logout")
# @router.post("/refresh-token")
# @router.post("/forgot-password")
# @router.post("/reset-password")
# @router.post("/verify-email")
# @router.post("/resend-verification")