from fastapi import FastAPI, Request, HTTPException
from fastapi.middleware.cors import CORSMiddleware
from slowapi import Limiter, _rate_limit_exceeded_handler
from slowapi.util import get_remote_address
from slowapi.errors import RateLimitExceeded
from slowapi.middleware import SlowAPIMiddleware
import sys
import os

# Add shared modules to path
sys.path.append('/app')

from shared.config import settings
from shared.redis_client import redis_client

# Rate limiter
limiter = Limiter(key_func=get_remote_address)

def add_cors_middleware(app: FastAPI):
    """Add CORS middleware to the FastAPI app"""
    app.add_middleware(
        CORSMiddleware,
        allow_origins=settings.allowed_origins,
        allow_credentials=True,
        allow_methods=["*"],
        allow_headers=["*"],
    )

def add_rate_limiting_middleware(app: FastAPI):
    """Add rate limiting middleware to the FastAPI app"""
    app.state.limiter = limiter
    app.add_exception_handler(RateLimitExceeded, _rate_limit_exceeded_handler)
    app.add_middleware(SlowAPIMiddleware)

async def log_requests_middleware(request: Request, call_next):
    """Log all requests for monitoring"""
    import time
    import logging
    
    logger = logging.getLogger("auth_service")
    start_time = time.time()
    
    # Log request
    logger.info(f"Request: {request.method} {request.url}")
    
    response = await call_next(request)
    
    # Log response
    process_time = time.time() - start_time
    logger.info(f"Response: {response.status_code} - {process_time:.4f}s")
    
    return response

async def security_headers_middleware(request: Request, call_next):
    """Add security headers to responses"""
    response = await call_next(request)
    
    # Add security headers
    response.headers["X-Content-Type-Options"] = "nosniff"
    response.headers["X-Frame-Options"] = "DENY"
    response.headers["X-XSS-Protection"] = "1; mode=block"
    # Only add HSTS when over HTTPS
    if request.url.scheme == "https":
        response.headers["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains"
    response.headers["Referrer-Policy"] = "strict-origin-when-cross-origin"
    
    return response

async def detect_suspicious_activity(request: Request):
    """Detect suspicious activity based on request patterns"""
    client_ip = get_remote_address(request)
    
    # Check for rate limiting violations
    rate_limit_key = f"rate_limit:{client_ip}"
    current_requests = await redis_client.get(rate_limit_key)
    
    if current_requests and int(current_requests) > settings.rate_limit_requests:
        # Log suspicious activity
        await redis_client.set(
            f"suspicious_activity:{client_ip}",
            "rate_limit_exceeded",
            expire=3600
        )
        
        raise HTTPException(
            status_code=429,
            detail="Too many requests. Please try again later."
        )
    
    # Increment request counter
    if current_requests:
        await redis_client.increment(rate_limit_key)
    else:
        await redis_client.set(rate_limit_key, 1, expire=settings.rate_limit_period)