from fastapi import APIRouter, Depends
from sqlalchemy.orm import Session

from app.api.deps import get_current_user
from app.db.session import get_db
from app.schemas.auth import (
    ChangePasswordRequest,
    ForgotPasswordRequest,
    ForgotPasswordResponse,
    LoginRequest,
    RefreshRequest,
    ResetPasswordRequest,
    TokenResponse,
    UserResponse,
)
from app.schemas.user_context import CurrentUser
from app.services.auth_service import AuthService, check_auth_rate_limit
from app.services.password_reset_service import PasswordResetService

router = APIRouter()


@router.post("/login", response_model=TokenResponse)
def login(
    payload: LoginRequest,
    _: None = Depends(check_auth_rate_limit),
    db: Session = Depends(get_db),
):
    return AuthService(db).login(payload.email, payload.password)


@router.post("/refresh", response_model=TokenResponse)
def refresh(
    payload: RefreshRequest,
    _: None = Depends(check_auth_rate_limit),
    db: Session = Depends(get_db),
):
    return AuthService(db).refresh(payload.refresh_token)


@router.post("/logout")
def logout(current_user: CurrentUser = Depends(get_current_user)):
    return {"message": "Logged out successfully"}


@router.get("/me", response_model=UserResponse)
def me(current_user: CurrentUser = Depends(get_current_user)):
    return UserResponse(
        id=current_user.id,
        email=current_user.email,
        full_name=current_user.full_name,
        role=current_user.role,
        agency_id=current_user.agency_id,
        agency_name=current_user.agency_name,
    )


@router.post("/change-password")
def change_password(
    payload: ChangePasswordRequest,
    _: None = Depends(check_auth_rate_limit),
    current_user: CurrentUser = Depends(get_current_user),
    db: Session = Depends(get_db),
):
    AuthService(db).change_password(current_user.id, payload.current_password, payload.new_password)
    return {"message": "Password changed successfully"}


@router.post("/forgot-password", response_model=ForgotPasswordResponse)
def forgot_password(
    payload: ForgotPasswordRequest,
    _: None = Depends(check_auth_rate_limit),
    db: Session = Depends(get_db),
):
    return PasswordResetService(db).request_reset(payload.email, payload.channel)


@router.post("/reset-password")
def reset_password(
    payload: ResetPasswordRequest,
    _: None = Depends(check_auth_rate_limit),
    db: Session = Depends(get_db),
):
    PasswordResetService(db).reset_password(payload.email, payload.otp, payload.new_password)
    return {"message": "Password reset successfully"}
