from fastapi import APIRouter, Depends, HTTPException, status, Request, Query
from typing import Optional
import sys

# Add shared modules to path
sys.path.append('/app')

from app.schemas.token import TokenValidationResponse, UserSessions
from app.services.token_service import TokenService
from app.core.dependencies import get_current_active_user, get_optional_current_user
from app.models.user import User

router = APIRouter(prefix="/tokens", tags=["Token Management"])

@router.post("/validate", response_model=TokenValidationResponse)
async def validate_token(payload: dict):
    """Validate a JWT token (used by other services)"""
    try:
        token = payload.get("token")
        if not token:
            return TokenValidationResponse(valid=False, error="token is required")
        result = await TokenService.validate_token(token)
        return result
        
    except Exception as e:
        return TokenValidationResponse(
            valid=False,
            error=f"Validation error: {str(e)}"
        )

@router.post("/blacklist")
async def blacklist_token(
    token: str,
    reason: str = "manual",
    current_user: User = Depends(get_current_active_user)
):
    """Blacklist a token"""
    try:
        success = await TokenService.blacklist_token(token, reason)
        
        if success:
            return {"message": "Token blacklisted successfully"}
        else:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Failed to blacklist token"
            )
            
    except Exception:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Failed to blacklist token"
        )

@router.get("/sessions", response_model=UserSessions)
async def get_user_sessions(
    current_user: User = Depends(get_current_active_user),
    request: Request = None
):
    """Get all active sessions for current user"""
    try:
        # Extract current token for session identification
        current_token = None
        if request:
            auth_header = request.headers.get("authorization", "")
            if auth_header.startswith("Bearer "):
                current_token = auth_header.split(" ")[1]
        
        result = await TokenService.get_user_sessions(
            str(current_user.id), 
            current_token
        )
        
        return UserSessions(
            sessions=result.get("sessions", []),
            total_count=result.get("total_count", 0)
        )
        
    except Exception as e:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=f"Failed to get sessions: {str(e)}"
        )

@router.delete("/sessions/{session_id}")
async def revoke_session(
    session_id: str,
    current_user: User = Depends(get_current_active_user)
):
    """Revoke a specific session"""
    try:
        success = await TokenService.revoke_session(str(current_user.id), session_id)
        
        if success:
            return {"message": "Session revoked successfully"}
        else:
            raise HTTPException(
                status_code=status.HTTP_404_NOT_FOUND,
                detail="Session not found or already revoked"
            )
            
    except Exception as e:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=f"Failed to revoke session: {str(e)}"
        )

@router.post("/cleanup")
async def cleanup_expired_tokens():
    """Cleanup expired tokens and sessions (admin endpoint)"""
    try:
        result = await TokenService.cleanup_expired_tokens()
        return result
        
    except Exception as e:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=f"Cleanup failed: {str(e)}"
        )

@router.get("/info")
async def get_token_info(
    current_user: Optional[User] = Depends(get_optional_current_user),
    request: Request = None
):
    """Get information about the current token"""
    if not current_user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="No valid token provided"
        )
    
    try:
        # Get token from header
        auth_header = request.headers.get("authorization", "") if request else ""
        if not auth_header.startswith("Bearer "):
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Invalid authorization header"
            )
        
        token = auth_header.split(" ")[1]
        
        # Validate token and get info
        from shared.security import verify_token
        payload = verify_token(token)
        
        if not payload:
            raise HTTPException(
                status_code=status.HTTP_401_UNAUTHORIZED,
                detail="Invalid token"
            )
        
        return {
            "user_id": payload.get("sub"),
            "email": payload.get("email"),
            "username": payload.get("username"),
            "issued_at": payload.get("iat"),
            "expires_at": payload.get("exp"),
            "token_type": payload.get("type", "access")
        }
        
    except HTTPException:
        raise
    except Exception as e:
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail=f"Failed to get token info: {str(e)}"
        )