from fastapi import APIRouter, Depends, status
from fastapi.security import OAuth2PasswordRequestForm
from sqlmodel import Session

from app.db.session import get_session
from app.schemas.user import UserCreate, UserRead
from app.schemas.auth import Token, RefreshRequest
from app.services.auth_service import AuthService
from app.api.deps import get_current_user, require_roles
from app.models.user import User, Role

# Every route registered on this router is served under /api/auth and is
# grouped under the "Authentication" tag.
router = APIRouter(
    prefix="/api/auth",
    tags=["Authentication"],
)

# @router.post("/signup", response_model=Token, status_code=status.HTTP_201_CREATED, summary="Create a new user")
# def signup(data: UserCreate, session: Session = Depends(get_session)):
#     """
#     Register a new user and return an access + refresh token pair.
#     """
#     return AuthService.signup(data, session)

@router.post(
    "/login",
    response_model=Token,
    status_code=status.HTTP_200_OK,
    summary="Log in and receive tokens",
)
def login(form_data: OAuth2PasswordRequestForm = Depends(), session: Session = Depends(get_session)):
    """
    Authenticate using OAuth2 form (username=email, password).
    Returns access and refresh tokens on success.
    """
    # The OAuth2 form's `username` field carries the account e-mail here.
    # All credential checking is delegated to AuthService.login.
    # NOTE(review): no throttling or lockout is visible at this layer; confirm
    # that AuthService.login or upstream middleware limits repeated attempts
    # and answers unknown e-mail and wrong password with the same error.
    email = form_data.username
    password = form_data.password
    return AuthService.login(email, password, session)

@router.post(
    "/refresh",
    response_model=Token,
    status_code=status.HTTP_200_OK,
    summary="Refresh tokens",
)
def refresh(req: RefreshRequest, session: Session = Depends(get_session)):
    """
    Exchange a valid refresh token for a new token pair.
    """
    # This route declares no get_current_user dependency: the refresh token in
    # the request body is the only credential presented.
    # NOTE(review): validation, rotation and invalidation of the presented
    # token are not visible here; confirm them in AuthService.refresh_token.
    presented_token = req.refresh_token
    return AuthService.refresh_token(presented_token, session)

@router.post(
    "/logout",
    status_code=status.HTTP_200_OK,
    summary="Logout (revoke refresh token)",
)
def logout(current_user: User = Depends(get_current_user), session: Session = Depends(get_session)):
    """
    Logout the currently authenticated user (revoke refresh token).
    """
    # The user is resolved by the get_current_user dependency, not taken from
    # the request body, so the caller cannot name another account to log out.
    # NOTE(review): presumably get_current_user rejects unauthenticated
    # requests; confirm in app.api.deps. Whether an already-issued access
    # token stays usable after this call is not visible here; verify in
    # AuthService.logout.
    outcome = AuthService.logout(current_user, session)
    return outcome

# @router.post("/register-admin", response_model=UserRead, status_code=status.HTTP_201_CREATED, summary="SUPERADMIN creates ADMIN")
# def register_admin(
#     data: UserCreate,
#     session: Session = Depends(get_session),
#     current_super: User = Depends(require_roles(Role.SUPERADMIN)),
# ):
#     """
#     Create an ADMIN user. This endpoint can only be called by a SUPERADMIN.
#     """
#     return AuthService.register_admin(data, session, current_super)
