from app.core.auth import get_current_user
from fastapi import APIRouter, Depends, HTTPException, Request, Response
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session

from app.core.database import get_db
from app.core.security import verify_password, create_access_token
from app.core.response import send_response, send_error
from app.models.user import User

# Every route in this module is mounted under /auth and grouped under the
# "Auth" tag in the generated OpenAPI schema.
router = APIRouter(
    prefix="/auth",
    tags=["Auth"],
)


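@router.post("/login")
async def login(
    request: Request,
    response: Response,
    db: Session = Depends(get_db),
):
    """Authenticate a user by ``nip`` + ``password`` and issue an access token.

    The body is read as raw JSON (``{"nip": ..., "password": ...}``) rather
    than through a Pydantic model, so the shape and types are checked here
    before anything reaches the database or the password hash check.

    Returns:
        ``send_response`` with the token, the fields of ``user.to_dict()``,
        the role name (or ``None``) and ``token_type``; the same token is also
        set as the ``accessToken`` cookie. A body that is not a JSON object
        yields a 400 ``send_error``; any credential failure yields one
        generic 401 ``send_error`` so the response does not reveal whether
        the ``nip`` exists.
    """

    def _rejected():
        # Single generic failure response shared by every credential-check
        # branch (missing field, unknown nip, wrong password).
        return send_error(
            "Login gagal",
            {"nip": "nip / password salah", "password": "nip / password salah"},
            401,
        )

    # Invalid JSON or a non-object body (e.g. a JSON array) would otherwise
    # raise out of the handler as an unhandled exception; reject it explicitly.
    try:
        body = await request.json()
    except ValueError:
        body = None
    if not isinstance(body, dict):
        return send_error(
            "Login gagal",
            {"body": "body harus berupa objek JSON"},
            400,
        )

    username = body.get("nip")
    password = body.get("password")

    # Only non-empty strings are acceptable credentials. A missing key, null
    # or nested object must fail here rather than inside verify_password,
    # where a non-string argument would raise instead of returning False.
    if (
        not isinstance(username, str)
        or not isinstance(password, str)
        or not username
        or not password
    ):
        return _rejected()

    user = db.query(User).filter(User.nip == username).first()
    # NOTE(review): for an unknown nip the hash check is skipped, so this
    # branch answers measurably faster than a wrong password does — a timing
    # oracle for account enumeration. Verifying against a dummy hash on the
    # miss path would close it, but that needs the hash format
    # verify_password expects; confirm against app.core.security first.
    if user is None or not verify_password(password, user.password):
        return _rejected()

    # NOTE(review): `sub` is the raw user.id (an int here); RFC 7519 defines
    # it as a string and some JWT libraries reject non-string subjects on
    # decode — confirm against create_access_token / get_current_user before
    # changing it, since get_current_user may rely on the current type.
    token = create_access_token(data={"sub": user.id, "role_id": user.role_id})

    # Mark the cookie Secure whenever the request arrived over HTTPS so the
    # browser never replays it over plaintext. Behind a TLS-terminating
    # proxy the scheme is only "https" when proxy headers are trusted
    # (uvicorn --proxy-headers / ProxyHeadersMiddleware); otherwise this
    # evaluates to False exactly as the old hard-coded value did.
    response.set_cookie(
        key="accessToken",
        value=token,
        httponly=True,  # keep the cookie copy out of document.cookie
        secure=request.url.scheme == "https",
        samesite="lax",
        max_age=60 * 60,  # 1 hour — presumably aligned with the token expiry; confirm
        path="/",  # explicit so logout's delete_cookie(path="/") matches
    )

    # The token is also echoed in the JSON body for clients that send it as a
    # bearer header. That copy is readable by page scripts, so httponly above
    # only protects the cookie copy; drop "accessToken" from the body once all
    # clients rely on the cookie.
    # NOTE(review): user.to_dict() is spread in unchanged — confirm it does
    # not include the password hash or other sensitive columns.
    return send_response(
        {
            "accessToken": token,
            **user.to_dict(),
            "role": user.role.name if user.role else None,
            "token_type": "bearer",
        }
    )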


@router.post("/logout")
async def logout(
    response: Response,
    user=Depends(get_current_user),
):
    """Clear the ``accessToken`` cookie for the authenticated caller.

    A valid token is required (``get_current_user``); the response data is
    the resolved user object with the message "Berhasil logout".

    NOTE(review): this only removes the cookie. No server-side revocation is
    visible here, so any other copy of the JWT (login also returns it in the
    JSON body) remains valid until it expires.
    """
    # These attributes must mirror the ones login used in set_cookie, or the
    # browser will not match the cookie being cleared.
    cookie_attrs = {
        "path": "/",
        "samesite": "lax",
        "secure": False,  # set True once production runs on HTTPS
    }
    response.delete_cookie(key="accessToken", **cookie_attrs)
    return send_response(user, "Berhasil logout")
