from typing import Annotated

from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session

from .. import crud, models, schemas, security
from ..database import get_db

router = APIRouter(prefix="/api/yatra/admin", tags=["admin-auth"])


@router.post("/login", response_model=schemas.Token)
def login(
    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
    db: Annotated[Session, Depends(get_db)],
) -> schemas.Token:
    """OAuth2 password login. `username` is the admin email."""
    admin = crud.get_admin_by_email(db, form_data.username)
    if (
        admin is None
        or not admin.is_active
        or not security.verify_password(
            form_data.password,
            admin.hashed_password
        )
    ):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect email or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    token = security.create_access_token(subject=admin.email, role=admin.role)
    return schemas.Token(access_token=token)


@router.get("/me", response_model=schemas.AdminUserOut)
def read_me(
    current: Annotated[models.AdminUser, Depends(security.get_current_admin)],
) -> models.AdminUser:
    return current