from fastapi import Depends, HTTPException, status, Cookie
from fastapi.security import OAuth2PasswordBearer
from jose import jwt, JWTError
from sqlalchemy.orm import Session, joinedload

from app.core.config import SECRET_KEY, ALGORITHM
from app.core.database import get_db
from app.models.user import User
from app.models.role import Role
from app.models.unit import Unit
from app.models.permission_role import PermissionRole

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")


def get_current_user(
    access_token: str | None = Cookie(default=None, alias="accessToken"),
    db: Session = Depends(get_db),
) -> User:
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Invalid authentication",
        headers={"WWW-Authenticate": "Bearer"},
    )
    print(access_token, 1111111111111)
    if not access_token:
        raise credentials_exception
    try:
        payload = jwt.decode(access_token, SECRET_KEY, algorithms=[ALGORITHM])
        print(payload)
        user_id: str = payload.get("sub")
        if not user_id:
            raise credentials_exception
    except JWTError as e:
        print(e)
        raise credentials_exception
    user = (
        db.query(User)
        .options(
            joinedload(User.role)
            .joinedload(Role.permissions)
            .joinedload(PermissionRole.permission),
            joinedload(User.unit),
        )
        .filter(User.id == user_id)
        .first()
    )
    db.refresh(user)
    if not user or not user.is_active:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="User anda non aktif",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


def check_user_status(
    unit_slug: str,
    existing_status_level: int,
    new_status: str,
    user_id: str,
):
    new_status = "disetujui" if new_status == "setuju" else "ditolak"
    data = {}
    if existing_status_level <= 2:
        data["status_slug"] = f"{new_status}_atasan"
        data["kanit_id"] = user_id
    elif existing_status_level >= 3:
        if unit_slug == "keuangan":
            data["status_slug"] = f"{new_status}_keuangan"
            data["kanit_keuangan_id"] = user_id
        elif unit_slug == "tu":
            data["status_slug"] = f"{new_status}_tu"
            data["tu_id"] = user_id
        elif unit_slug == "operasional":
            data["status_slug"] = f"{new_status}_manager"
            data["manager_id"] = user_id
    return data