from datetime import datetime
from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
from fastapi import Depends, APIRouter
from sqlalchemy.orm import Session
from fastapi import status, HTTPException
from typing import Annotated
from db.session import get_db
from core.hashing import Hasher
from core.config import settings
from jose import JWTError, jwt
from schemas.token import Token, TokenPayload
from db.repository.user import get_user_by_email, get_user_by_phone
from core.auth import create_access_token


router = APIRouter()
oauth2_scheme = OAuth2PasswordBearer(
    tokenUrl="/token",
)


def authenticate_user(login: str, password: str, db: Session):
    print("Trying to auth...")
    user = None
    if "@" in login:
        user = get_user_by_email(email=login, db=db)
    elif "+" in login:
        user = get_user_by_phone(phone=login, db=db)
    else:
        return False
    if not user:
        return False
    if not Hasher.verify_password(password, user.HashedPassword):
        return False
    return user


def get_current_user(
    token: Annotated[str, Depends(oauth2_scheme)],
    db: Annotated[Session, Depends(get_db)],
):
    print("Getting current user...")
    try:
        payload = jwt.decode(
            token, settings.SECRET_KEY, algorithms=[settings.ALGORITHM]
        )
        token_data = TokenPayload(**payload)

        if datetime.fromtimestamp(token_data.exp) < datetime.now():
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Session expired. Please login again.",
            )
        username: str = payload.get("sub")
        if username is None:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Could not validate credentials",
            )
    except JWTError:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Could not validate credentials",
        )
    if "@" in username:
        user = get_user_by_email(email=username, db=db)
    elif "+" in username:
        user = get_user_by_phone(phone=username, db=db)
    else:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Could not validate credentials",
        )
    return user


@router.post("/token", response_model=Token)
def access_token(
    form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)
):
    print("Getting token...")
    user = authenticate_user(form_data.username, form_data.password, db)
    print(user)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid username or password",
        )
    access_token = create_access_token(data={"sub": user.Email})
    print("TOKENS ARE: ")
    print(access_token)
    return {
        "access_token": access_token,
        "token_type": "bearer",
    }