#!/usr/bin/env python3
# -*- coding: utf-8 -*-
"""
PerToolBox Server - 认证路由
Copyright (C) 2024 Sea Network Technology Studio
Author: Canglan <admin@sea-studio.top>
License: AGPL v3
"""

import re
from fastapi import APIRouter, HTTPException, status
from sqlalchemy.orm import Session
from ...dependencies import DbDependency
from ...models import User
from ...schemas import (
    SendCodeRequest, RegisterRequest, LoginRequest, UserResponse
)
from ...utils.redis_client import redis_client
from ...utils.security import generate_verify_code, hash_password, verify_password, create_access_token
from ...utils.sms import send_sms
from ...utils.email import send_email
from ...utils.logger import logger
from ...middleware.rate_limit import rate_limit

router = APIRouter(prefix="/api/v1/auth", tags=["auth"])

def is_phone(account: str) -> bool:
    return re.match(r'^1[3-9]\d{9}$', account) is not None

def is_email(account: str) -> bool:
    return re.match(r'^[\w\.-]+@[\w\.-]+\.\w+$', account) is not None

@router.post("/send-code")
@rate_limit(requests=1, period=60)  # 同一账号每分钟1次
async def send_verify_code(request: SendCodeRequest, db: DbDependency):
    """发送验证码"""
    account = request.account
    account_type = request.type

    # 验证账号格式
    if account_type == "phone" and not is_phone(account):
        raise HTTPException(status_code=400, detail="手机号格式错误")
    if account_type == "email" and not is_email(account):
        raise HTTPException(status_code=400, detail="邮箱格式错误")

    # 检查是否已存在（注册时使用）
    # 这里只负责发送，不检查是否存在

    # 生成验证码
    code = generate_verify_code()

    # 存储到 Redis（5分钟有效）
    redis_key = f"verify:code:{account}"
    redis_client.set(redis_key, code, expire=300)

    # 发送验证码
    success = False
    if account_type == "phone":
        success = send_sms(account, code)
    else:
        success = await send_email(account, code)

    if not success:
        raise HTTPException(status_code=500, detail="验证码发送失败")

    logger.info(f"验证码已发送: {account} -> {code}")
    return {"success": True, "message": "验证码已发送"}

@router.post("/register")
@rate_limit(requests=5, period=60)
async def register(request: RegisterRequest, db: DbDependency):
    """注册（手机号/邮箱 + 验证码）"""
    account = request.account
    code = request.code
    password = request.password

    # 验证验证码
    redis_key = f"verify:code:{account}"
    saved_code = redis_client.get(redis_key)
    if not saved_code or saved_code != code:
        raise HTTPException(status_code=400, detail="验证码错误或已过期")

    # 检查用户是否已存在
    if is_phone(account):
        existing = db.query(User).filter(User.phone == account).first()
        if existing:
            raise HTTPException(status_code=400, detail="手机号已注册")
        user = User(phone=account, password_hash=hash_password(password))
    elif is_email(account):
        existing = db.query(User).filter(User.email == account).first()
        if existing:
            raise HTTPException(status_code=400, detail="邮箱已注册")
        user = User(email=account, password_hash=hash_password(password))
    else:
        raise HTTPException(status_code=400, detail="账号格式错误")

    db.add(user)
    db.commit()
    db.refresh(user)

    # 删除已使用的验证码
    redis_client.delete(redis_key)

    # 生成 token
    token = create_access_token({"sub": str(user.id)})

    logger.info(f"新用户注册: {account}")
    return {
        "success": True,
        "token": token,
        "user": UserResponse.model_validate(user)
    }

@router.post("/login")
@rate_limit(requests=10, period=60)
async def login(request: LoginRequest, db: DbDependency):
    """登录（支持验证码登录或密码登录）"""
    account = request.account
    password = request.password
    code = request.code

    # 查找用户
    user = None
    if is_phone(account):
        user = db.query(User).filter(User.phone == account).first()
    elif is_email(account):
        user = db.query(User).filter(User.email == account).first()
    else:
        raise HTTPException(status_code=400, detail="账号格式错误")

    if not user:
        raise HTTPException(status_code=400, detail="用户不存在")

    # 验证码登录
    if code:
        redis_key = f"verify:code:{account}"
        saved_code = redis_client.get(redis_key)
        if not saved_code or saved_code != code:
            raise HTTPException(status_code=400, detail="验证码错误或已过期")
        redis_client.delete(redis_key)

    # 密码登录
    elif password:
        if not verify_password(password, user.password_hash):
            raise HTTPException(status_code=400, detail="密码错误")
    else:
        raise HTTPException(status_code=400, detail="请提供验证码或密码")

    # 更新最后登录时间
    from datetime import datetime
    user.last_login = datetime.now()
    db.commit()

    token = create_access_token({"sub": str(user.id)})

    logger.info(f"用户登录: {account}")
    return {
        "success": True,
        "token": token,
        "user": UserResponse.model_validate(user)
    }

@router.post("/wechat/login")
async def wechat_login():
    """微信公众号登录（预留）"""
    # TODO: 实现公众号 OAuth2 登录
    raise HTTPException(status_code=501, detail="功能开发中")