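from flask import (
    Blueprint,
    current_app,
    flash,
    redirect,
    render_template,
    request,
    url_for,
)
from flask_login import current_user, login_required, login_user, logout_user

from models import User, db
from utils.timezone import taiwan_now

auth_bp = Blueprint('auth', __name__)


@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """Render the login form and authenticate a local account on POST.

    Already-authenticated users are redirected to the spec list. On a POST
    with valid credentials, ``last_login`` is stamped, the session is
    established via ``login_user`` and the user is redirected; otherwise the
    form is re-rendered with a generic error message.

    A POST that omits ``username`` or ``password`` entirely is rejected by
    Werkzeug with HTTP 400 (``request.form[...]`` on a missing key).
    """
    if current_user.is_authenticated:
        return redirect(url_for('temp_spec.spec_list'))

    context = {}
    if request.method == 'POST':
        username = request.form['username'].strip()
        password = request.form['password']
        # Echo the username back so the form can be re-filled; the password
        # is never placed in the template context.
        context['username'] = username

        if not username or not password:
            flash('請輸入帳號與密碼', 'warning')
            return render_template('login.html', **context)

        user = User.query.filter_by(username=username).first()
        # NOTE(review): check_password lives on the User model outside this
        # file; the hashing scheme is not visible here. When no user row is
        # found no hash is verified at all, so response time may differ
        # between unknown and known usernames. Confirm whether that matters
        # for this deployment.
        if user and user.check_password(password):
            user.last_login = taiwan_now()
            db.session.commit()
            login_user(user)
            # %r (not an f-string) so control characters in the stored
            # username are escaped and cannot forge extra log lines.
            current_app.logger.info(
                "User logged in via local authentication: %r", username
            )
            return redirect(url_for('temp_spec.spec_list'))

        # The username here is unauthenticated, attacker-controlled input:
        # .strip() only trims the ends, so embedded CR/LF would otherwise be
        # written verbatim into the log. %r escapes them.
        # NOTE(review): no throttling or lockout is visible in this file;
        # this warning is the only signal for detecting password guessing.
        # Confirm that rate limiting is applied elsewhere.
        current_app.logger.warning(
            "Failed local login attempt for: %r", username
        )
        # Same message for "no such user" and "wrong password" so the
        # response body does not reveal which accounts exist.
        flash('帳號或密碼錯誤,請重新輸入', 'danger')

    return render_template('login.html', **context)


@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    """Render the registration form and create a new account on POST.

    Validates the submitted fields, flashes every validation error at once,
    and on success creates the user with the fixed ``viewer`` role, logs the
    new user in and redirects to the spec list.

    A POST that omits any of the four form fields is rejected by Werkzeug
    with HTTP 400 (``request.form[...]`` on a missing key).
    """
    if current_user.is_authenticated:
        return redirect(url_for('temp_spec.spec_list'))

    context = {}
    if request.method == 'POST':
        username = request.form['username'].strip()
        name = request.form['name'].strip()
        password = request.form['password']
        confirm_password = request.form['confirm_password']

        # Only non-secret fields are echoed back to the template.
        context['username'] = username
        context['name'] = name

        errors = []
        if not username:
            errors.append('請輸入帳號')
        if not name:
            errors.append('請輸入姓名')
        if not password:
            errors.append('請輸入密碼')
        # NOTE(review): a 6-character minimum is below the 8-character floor
        # recommended by NIST SP 800-63B; raising it is a policy change and
        # is left to the project.
        if password and len(password) < 6:
            errors.append('密碼長度至少需 6 碼')
        if password != confirm_password:
            errors.append('確認密碼不相符')
        # NOTE(review): this check-then-insert is not atomic. Two concurrent
        # registrations for the same username can both pass it; presumably a
        # unique constraint on User.username is the real guard. Confirm in
        # the model.
        if username and User.query.filter_by(username=username).first():
            errors.append('帳號已存在,請改用其他帳號')

        if errors:
            for message in errors:
                flash(message, 'danger')
            return render_template('register.html', **context)

        # The role is fixed server-side and never read from the form, so a
        # client cannot self-assign a more privileged role at sign-up.
        new_user = User(username=username, name=name, role='viewer')
        new_user.set_password(password)
        new_user.last_login = taiwan_now()
        db.session.add(new_user)
        db.session.commit()

        login_user(new_user)
        # %r escapes control characters in the user-chosen username so it
        # cannot inject forged lines into the application log.
        current_app.logger.info("New user registered: %r", username)
        flash('帳號建立完成,已自動登入', 'success')
        return redirect(url_for('temp_spec.spec_list'))

    return render_template('register.html', **context)


# NOTE(review): this route accepts GET (the default for route()), so any
# cross-site request (e.g. an <img> tag) can end a user's session. Restricting
# it to POST with a CSRF token would close that, but requires a matching
# template change, so the interface is left as-is here.
@auth_bp.route('/logout')
@login_required
def logout():
    """End the current user's session and return to the login page."""
    logout_user()
    return redirect(url_for('auth.login'))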