from fastapi import APIRouter, Depends, HTTPException, Response
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.ext.asyncio import AsyncSession

from app.auth.jwt import create_access_token, create_refresh_token
from app.models.user import User
from app.utils.db import get_async_session
from app.utils.hash_cfg import verify_password
from app.utils.logger_cfg import logger

router = APIRouter(tags=["auth"])


@router.post("/login")
async def login(
    response: Response,
    form_data: OAuth2PasswordRequestForm = Depends(),
    session: AsyncSession = Depends(get_async_session),
):
    user = await User.get_user_by_email(form_data.username, session=session)
    if not user:
        user = await User.get_user_by_username(
            form_data.username, session=session
        )

    if not user or not user.password:
        logger.warning("Login failed | username/email={}", form_data.username)
        raise HTTPException(status_code=401, detail="Invalid credentials")

    if not verify_password(form_data.password, user.password):
        logger.warning("Login failed | username/email={}", form_data.username)
        raise HTTPException(status_code=401, detail="Invalid credentials")

    access_token = create_access_token(
        {"sub": str(user.id), "token_version": user.token_version}
    )
    refresh_token = create_refresh_token(
        {"sub": str(user.id), "token_version": user.token_version}
    )

    response.set_cookie(
        key="access_token",
        value=access_token,
        httponly=True,
        secure=False,
        samesite="lax",
        max_age=60 * 60,
    )
    response.set_cookie(
        key="refresh_token",
        value=refresh_token,
        httponly=True,
        secure=True,
        samesite="lax",
        max_age=30 * 24 * 60 * 60,
    )
    logger.info("User logged in | id={} username={}", user.id, user.username)
    return {"message": "Logged in successfully"}