from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from sqlalchemy.ext.asyncio import AsyncSession

from app.auth import (
    create_access_token,
    create_account,
    decode_access_token,
    get_account_by_id,
    get_account_by_username,
    verify_password,
)
from app.database import get_db
from app.schemas import ApiResponse, AuthResponse, LoginRequest, RegisterRequest, UserProfile

# Route group for the authentication endpoints; every path below lives under /api/auth.
router = APIRouter(tags=["认证"], prefix="/api/auth")
# Bearer-token extractor shared by the protected routes. NOTE(review): with its default
# settings a missing or malformed Authorization header is rejected by FastAPI before
# the handler body runs; confirm the status code it emits is the one the API wants.
security = HTTPBearer()


# ─── 依赖：从 Token 获取当前用户 ─────────────────────────────

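async def get_current_user(
    credentials: HTTPAuthorizationCredentials = Depends(security),
    db: AsyncSession = Depends(get_db),
) -> UserProfile:
    """Resolve the bearer token to the current user, or fail with 401.

    Args:
        credentials: Bearer credentials extracted by the ``security`` scheme.
        db: Database session supplied by ``get_db``.

    Returns:
        The ``UserProfile`` of the account the token belongs to.

    Raises:
        HTTPException: 401 when the token cannot be decoded, carries no usable
            subject claim, or refers to an account that no longer exists. Every
            401 carries a ``WWW-Authenticate: Bearer`` challenge (RFC 6750).
    """
    challenge = {"WWW-Authenticate": "Bearer"}

    payload = decode_access_token(credentials.credentials)
    if payload is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="无效或过期的 Token",
            headers=challenge,
        )

    # A token that decodes but lacks the subject claim must not surface as a
    # KeyError (HTTP 500): it is simply not a valid credential, so answer 401.
    subject = payload.get("sub")
    if subject is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="无效或过期的 Token",
            headers=challenge,
        )

    # NOTE(review): the subject is passed through unchanged; whether the claim
    # is a str or an int is decided where the token is minted — confirm
    # get_account_by_id accepts the type create_access_token writes.
    account = await get_account_by_id(db, subject)
    if account is None:
        # A valid token for a deleted account is still unauthenticated, not 404,
        # so that a stale token cannot be used to probe which ids existed.
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="用户不存在",
            headers=challenge,
        )

    return UserProfile.model_validate(account)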


# ─── 注册 ──────────────────────────────────────────────────

@router.post("/register", response_model=ApiResponse, status_code=status.HTTP_201_CREATED)
async def register(body: RegisterRequest, db: AsyncSession = Depends(get_db)):
    """Create a new account and return it together with a fresh access token.

    Args:
        body: Validated registration payload (username, password, nickname).
        db: Database session supplied by ``get_db``.

    Returns:
        ``ApiResponse`` whose ``data`` is a JSON-mode ``AuthResponse``.

    Raises:
        HTTPException: 409 when the username is already taken.
    """
    # Reject a taken username up front. NOTE(review): this lookup and the insert
    # below are not atomic, so two concurrent registrations of the same name can
    # both pass it — only a unique constraint on the username column can hold the
    # invariant; confirm the schema declares one.
    if await get_account_by_username(db, body.username):
        raise HTTPException(status_code=status.HTTP_409_CONFLICT, detail="用户名已存在")

    account = await create_account(db, body.username, body.password, body.nickname)

    # The new account is signed in immediately: its token rides along in the
    # same response as the profile.
    auth = AuthResponse(
        token=create_access_token(account.id, account.username),
        user=UserProfile.model_validate(account),
    )
    return ApiResponse(data=auth.model_dump(mode="json"))


# ─── 登录 ──────────────────────────────────────────────────

@router.post("/login", response_model=ApiResponse)
async def login(body: LoginRequest, db: AsyncSession = Depends(get_db)):
    """Authenticate with username and password and issue an access token.

    Args:
        body: Validated login payload (username, password).
        db: Database session supplied by ``get_db``.

    Returns:
        ``ApiResponse`` whose ``data`` is a JSON-mode ``AuthResponse``.

    Raises:
        HTTPException: 401 with one generic message for both an unknown username
            and a wrong password, so the body does not reveal which names exist.
    """
    account = await get_account_by_username(db, body.username)

    # NOTE(review): verify_password is skipped when the username is unknown, so
    # response latency can still separate the two cases even though the message
    # does not; a constant-cost dummy verification would close that gap. Confirm
    # whether that matters for this deployment.
    authenticated = account is not None and verify_password(body.password, account.password_hash)
    if not authenticated:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="用户名或密码错误")

    auth = AuthResponse(
        token=create_access_token(account.id, account.username),
        user=UserProfile.model_validate(account),
    )
    return ApiResponse(data=auth.model_dump(mode="json"))


# ─── 获取当前用户信息 ──────────────────────────────────────

@router.get("/me", response_model=ApiResponse)
async def me(user: UserProfile = Depends(get_current_user)):
    """Return the authenticated caller's own profile.

    Authentication happens in the ``get_current_user`` dependency, so an invalid
    or expired token never reaches this body.
    """
    profile = user.model_dump(mode="json")
    return ApiResponse(data=profile)
