from __future__ import annotations

from typing import Annotated

from fastapi import APIRouter, Depends, HTTPException, status

from app.api.deps import get_current_user
from app.core.database import get_connection
from app.core.schemas import LoginRequest, LoginResponse, UserProfile
from app.core.security import verify_password
from app.services import repository

router = APIRouter(prefix="/api/auth", tags=["auth"])


@router.post("/login", response_model=LoginResponse)
def login(payload: LoginRequest) -> LoginResponse:
    with get_connection() as connection:
        row = connection.execute(
            "SELECT id, username, password_hash, role, display_name FROM users WHERE username = ?",
            (payload.username,),
        ).fetchone()
        if row is None or not verify_password(payload.password, row["password_hash"]):
            raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="invalid_credentials")
        token = repository.create_session(connection, row["id"])
        user = repository.profile_from_row(row)
    return LoginResponse(token=token, user=user)


@router.get("/me", response_model=UserProfile)
def me(user: Annotated[UserProfile, Depends(get_current_user)]) -> UserProfile:
    return user