#  Copyright 2026 zhaoxi826
#
#  Licensed under the Apache License, Version 2.0 (the "License");
#  you may not use this file except in compliance with the License.
#  You may obtain a copy of the License at
#
#       http://www.apache.org/licenses/LICENSE-2.0
#
#  Unless required by applicable law or agreed to in writing, software
#  distributed under the License is distributed on an "AS IS" BASIS,
#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
#  See the License for the specific language governing permissions and
#  limitations under the License.

from fastapi import APIRouter
from fastapi import Depends
from pydantic import BaseModel
from pretor.utils.access import Accessor, TokenData
from fastapi.concurrency import run_in_threadpool
from pretor.utils.ray_hook import ray_actor_hook
from pretor.utils.check_user.role_check import RoleChecker
from pretor.core.database.table.user import UserAuthority
from pretor.utils.error import UserNotExistError

auth_router = APIRouter(prefix="/api/v1/auth", tags=["auth"])

class UserRegister(BaseModel):
    user_name: str
    password: str

@auth_router.post("/register")
async def create_user(user_register: UserRegister):
    postgres_database = ray_actor_hook("postgres_database").postgres_database
    hashed_password = await run_in_threadpool(Accessor.hash_password, user_register.password)
    user = await postgres_database.auth_database.remote("add_user", user_register.user_name, hashed_password)
    return {"message": "success", "user_id": user.user_id}

class UserLogin(BaseModel):
    user_name: str
    password: str

@auth_router.post("/login")
async def login_user(user_login: UserLogin):
    postgres_database = ray_actor_hook("postgres_database").postgres_database
    user = await postgres_database.auth_database.remote("login_user", user_login.user_name)
    if not user:
        raise UserNotExistError()
    token = await run_in_threadpool(Accessor.login_hashed_password, user, user_login.password)
    return {"message":"success", "token":token}

class ChangeAuthorityRequest(BaseModel):
    user_id: str
    new_authority: UserAuthority

@auth_router.put("/authority")
async def change_authority(
    request: ChangeAuthorityRequest,
    _: TokenData = Depends(RoleChecker(allowed_roles=UserAuthority.SUPER_ADMINISTRATOR))
):
    """
    Update a user's authority level. Only accessible by SUPER_ADMINISTRATOR.
    """
    postgres_database = ray_actor_hook("postgres_database").postgres_database
    user = await postgres_database.auth_database.remote("change_user_authority", user_id=request.user_id, new_authority=request.new_authority)
    return {"message": "success", "user_id": user.user_id, "new_authority": user.user_authority}

@auth_router.get("/list")
async def get_user_list(
    _: TokenData = Depends(RoleChecker(allowed_roles=UserAuthority.SUPER_ADMINISTRATOR))
):
    """
    Get a list of all users. Only accessible by SUPER_ADMINISTRATOR.
    """
    postgres_database = ray_actor_hook("postgres_database").postgres_database
    users = await postgres_database.auth_database.remote("get_all_users")
    return {"users": [{"user_id": u.user_id, "user_name": u.user_name, "role": u.user_authority} for u in users]}

@auth_router.delete("/{user_id}")
async def delete_user(
    user_id: str,
    _: TokenData = Depends(RoleChecker(allowed_roles=UserAuthority.SUPER_ADMINISTRATOR))
):
    """
    Delete a user. Only accessible by SUPER_ADMINISTRATOR.
    """
    postgres_database = ray_actor_hook("postgres_database").postgres_database
    await postgres_database.auth_database.remote("delete_user_by_id", user_id=user_id)
    return {"message": "success"}