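"""Authentication blueprint: login, registration and logout views."""

import re
from urllib.parse import urlsplit

from flask import Blueprint, render_template, redirect, url_for, flash, request
from flask_login import login_user, logout_user, current_user, login_required
from werkzeug.security import generate_password_hash, check_password_hash
from app.core.extensions import db
from app.core.auth import User
from flask_wtf.csrf import CSRFProtect

bp = Blueprint("auth", __name__, url_prefix="/auth")

# NOTE(review): this is a CSRFProtect instance created in this module. Whether
# it is the instance initialised against the application is not visible here;
# if the app registers a different instance, the exemption declared on
# `register` below has no effect on it. Confirm against the app factory.
csrf = CSRFProtect()

# Same pattern as before, but applied with fullmatch() so that text after a
# valid-looking prefix (for example a second "@...") is no longer accepted.
_EMAIL_PATTERN = re.compile(r"[^@]+@[^@]+\.[^@]+")


def _is_safe_redirect_target(target):
    """Return True only when *target* is a path on this site.

    The post-login ``next`` value comes from the query string and is therefore
    caller-controlled. A bare ``startswith("/")`` test is not sufficient,
    because browsers resolve a leading ``//`` (and a leading slash followed by
    a backslash) as a scheme-relative URL pointing at another host.
    """
    if not target or not target.startswith("/"):
        return False
    if target.startswith("//") or "\\" in target:
        return False
    # Control characters are stripped by browsers during URL parsing, which
    # could turn an apparently local path into a scheme-relative one.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in target):
        return False
    parts = urlsplit(target)
    return not parts.scheme and not parts.netloc


@bp.route("/login", methods=["GET", "POST"])
def login():
    """Render the login form and authenticate the submitted credentials.

    Already-authenticated users are sent to the dashboard. On a failed POST
    the form is re-rendered with one generic message, so the response does
    not reveal whether the email exists. On success the user is redirected to
    the ``next`` query parameter when it is a local path, otherwise to the
    dashboard.
    """
    if current_user.is_authenticated:
        return redirect(url_for("dashboard.dashboard_home"))

    if request.method == "POST":
        email = request.form.get("email")
        password = request.form.get("password")
        remember = "remember" in request.form

        # Missing fields are treated as a failed login instead of being passed
        # on to the query and to check_password() as None.
        user = None
        if email and password:
            user = User.query.filter_by(email=email).first()

        if not user or not user.check_password(password):
            flash("Invalid email or password", "danger")
            return render_template("auth/login.html", title="Login")

        login_user(user, remember=remember)

        next_page = request.args.get("next")
        if not _is_safe_redirect_target(next_page):
            next_page = url_for("dashboard.dashboard_home")
        return redirect(next_page)

    return render_template("auth/login.html", title="Login")


# NOTE(review): CSRF protection is switched off for this view ("Remove for
# production! Temporary allow registration without CSRF"). Because a successful
# registration also logs the browser in, a cross-site form post could sign a
# visitor into an account they did not create. Drop the exemption and render
# the CSRF token in auth/register.html before this is deployed.
@bp.route("/register", methods=["GET", "POST"])
@csrf.exempt
def register():
    """Render the registration form and create a new user account.

    Already-authenticated users are sent to the dashboard. A POST is validated
    (required fields, email shape, password confirmation, unique email and
    username); on the first failure the message is flashed and the form is
    rendered again. On success the user is stored, logged in and redirected to
    the dashboard.
    """
    if current_user.is_authenticated:
        return redirect(url_for("dashboard.dashboard_home"))

    if request.method == "POST":
        email = request.form.get("email")
        username = request.form.get("username")
        password = request.form.get("password")
        password_confirm = request.form.get("password_confirm")

        # Validate form data; the first failing rule decides the message.
        error = None
        if not email or not username or not password:
            error = "All fields are required."
        elif not _EMAIL_PATTERN.fullmatch(email):
            error = "Please enter a valid email address."
        elif password != password_confirm:
            error = "Passwords do not match."
        # NOTE(review): the two messages below confirm whether an email or a
        # username is already registered; consider rate limiting this view.
        elif User.query.filter_by(email=email).first():
            error = "Email address already registered."
        elif User.query.filter_by(username=username).first():
            error = "Username already taken."

        if error:
            flash(error, "danger")
        else:
            # Create the account; set_password() is defined on User, outside
            # this file.
            new_user = User(email=email, username=username)
            new_user.set_password(password)
            db.session.add(new_user)
            # NOTE(review): the uniqueness checks above and this commit are
            # not atomic. If the User table has unique constraints (not
            # visible here), a concurrent duplicate would raise at commit;
            # confirm and handle.
            db.session.commit()

            # Log the user in automatically
            login_user(new_user)
            flash("Registration successful! Welcome!", "success")
            return redirect(url_for("dashboard.dashboard_home"))

    return render_template("auth/register.html", title="Register")


# NOTE(review): this route is registered for GET only (no methods= given) and
# changes session state, so any cross-site request that reaches it ends the
# session. Consider a CSRF-protected POST.
@bp.route("/logout")
@login_required
def logout():
    """End the current session and redirect to the login page."""
    logout_user()
    flash("You have been logged out", "info")
    return redirect(url_for("auth.login"))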