"""
Tool_OCR - Session Model
Secure token storage and session management for external authentication
"""

from sqlalchemy import Column, Integer, String, DateTime, Text, ForeignKey
from sqlalchemy.orm import relationship
from datetime import datetime

from app.core.database import Base


class Session(Base):
    """
    User session model for external API token management

    Stores encrypted tokens from external authentication API
    and tracks session metadata for security auditing.
    """

    __tablename__ = "tool_ocr_sessions"

    id = Column(Integer, primary_key=True, index=True, autoincrement=True)
    user_id = Column(Integer, ForeignKey("tool_ocr_users.id", ondelete="CASCADE"),
                    nullable=False, index=True,
                    comment="Foreign key to users table")
    access_token = Column(Text, nullable=True,
                         comment="Encrypted JWT access token from external API")
    id_token = Column(Text, nullable=True,
                     comment="Encrypted JWT ID token from external API")
    refresh_token = Column(Text, nullable=True,
                          comment="Encrypted refresh token (if provided by API)")
    token_type = Column(String(50), default="Bearer", nullable=False,
                       comment="Token type (typically 'Bearer')")
    expires_at = Column(DateTime, nullable=False, index=True,
                       comment="Token expiration timestamp from API")
    issued_at = Column(DateTime, nullable=False,
                      comment="Token issue timestamp from API")

    # Session metadata for security
    ip_address = Column(String(45), nullable=True,
                       comment="Client IP address (IPv4/IPv6)")
    user_agent = Column(String(500), nullable=True,
                       comment="Client user agent string")

    # Timestamps
    created_at = Column(DateTime, default=datetime.utcnow, nullable=False, index=True)
    last_accessed_at = Column(DateTime, default=datetime.utcnow,
                             onupdate=datetime.utcnow, nullable=False,
                             comment="Last time this session was used")

    # Relationships
    user = relationship("User", back_populates="sessions")

    def __repr__(self):
        return f"<Session(id={self.id}, user_id={self.user_id}, expires_at='{self.expires_at}')>"

    def to_dict(self):
        """Convert session to dictionary (excluding sensitive tokens).

        All datetime fields are serialized with 'Z' suffix to indicate UTC timezone.
        """
        return {
            "id": self.id,
            "user_id": self.user_id,
            "token_type": self.token_type,
            "expires_at": self.expires_at.isoformat() + 'Z' if self.expires_at else None,
            "issued_at": self.issued_at.isoformat() + 'Z' if self.issued_at else None,
            "ip_address": self.ip_address,
            "created_at": self.created_at.isoformat() + 'Z' if self.created_at else None,
            "last_accessed_at": self.last_accessed_at.isoformat() + 'Z' if self.last_accessed_at else None
        }

    @property
    def is_expired(self) -> bool:
        """Check if session token is expired"""
        return datetime.utcnow() >= self.expires_at if self.expires_at else True

    @property
    def time_until_expiry(self) -> int:
        """Get seconds until token expiration"""
        if not self.expires_at:
            return 0
        delta = self.expires_at - datetime.utcnow()
        return max(0, int(delta.total_seconds()))