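from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session

from api.auth import create_access_token, require_auth, verify_password
from db.database import get_db
from db.models import User
from schemas import LoginRequest, TokenResponse

# All routes in this module are mounted under /auth.
router = APIRouter(prefix="/auth", tags=["auth"])


@router.post("/login", response_model=TokenResponse)
def login(req: LoginRequest, db: Session = Depends(get_db)):
    """Check a username/password pair and issue an access token.

    Only users with ``is_active`` set are considered. An unknown username,
    an inactive account and a wrong password all yield the same 401 response,
    so the response body does not reveal which usernames exist.

    Args:
        req: Login payload carrying ``username`` and ``password``.
        db: Database session injected by ``get_db``.

    Returns:
        A ``TokenResponse`` with the access token, username and role.

    Raises:
        HTTPException: 401 when the credentials are not accepted.
    """
    user = (
        db.query(User)
        .filter(User.username == req.username, User.is_active == True)  # noqa: E712
        .first()
    )

    # NOTE(review): verify_password is skipped when no row matches, so the
    # response time may differ between unknown and known usernames. Consider
    # verifying against a fixed dummy hash in that case. No rate limiting or
    # lockout is visible in this file; confirm it is enforced elsewhere.
    if not user or not verify_password(req.password, user.password_hash):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Ungültiger Benutzername oder Passwort",
            # A 401 response is expected to carry an authentication challenge.
            headers={"WWW-Authenticate": "Bearer"},
        )

    # NOTE(review): "sub" is passed as user.id unchanged. RFC 7519 defines
    # "sub" as a string and some JWT libraries reject other types on decode;
    # confirm create_access_token / require_auth handle this.
    # NOTE(review): the role is stored in the token, so a role change or
    # deactivation presumably takes effect only once the token expires, unless
    # require_auth re-checks the database. Verify.
    claims = {"sub": user.id, "username": user.username, "role": user.role}
    token = create_access_token(claims)
    return TokenResponse(access_token=token, username=user.username, role=user.role)


@router.get("/me", response_model=dict)
def me(principal: dict = Depends(require_auth)):
    """Return the username and role of the authenticated caller.

    Args:
        principal: Mapping supplied by ``require_auth``; it must contain the
            ``username`` and ``role`` keys (presumably the decoded token
            claims; confirm against ``require_auth``).

    Returns:
        A dict with the keys ``username`` and ``role``.
    """
    return {"username": principal["username"], "role": principal["role"]}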