from flask import Blueprint, render_template, request, flash, redirect, url_for, session
from werkzeug.security import generate_password_hash, check_password_hash
from extensions import get_db_connection

auth_bp = Blueprint('auth_bp', __name__)

# =========================================================
# ROOT ROUTE (Fixes 404)
# =========================================================
@auth_bp.route('/')
def index():
    if 'user_id' in session:
        return redirect(url_for('social_bp.connect_hub'))
    return redirect(url_for('auth_bp.signin'))

# =========================================================
# SIGNIN ROUTES
# =========================================================
@auth_bp.route('/signin', methods=['GET'])
def signin():
    if 'user_id' in session:
        return redirect(url_for('social_bp.connect_hub'))
    return render_template('auth.html', page='signin')

@auth_bp.route('/signin_post', methods=['POST'])
def signin_post():
    username = request.form.get('username', '').strip()
    password = request.form.get('password', '')

    conn = get_db_connection()
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE username = %s", (username,))
    user = cur.fetchone()
    cur.close()

    if not user or not check_password_hash(user['password_hash'], password):
        flash("❌ Invalid credentials.", "danger")
        return redirect(url_for('auth_bp.signin'))

    # Establish internal session
    session['user_id'] = user['id']
    session['username'] = user['username']
    session['email'] = user['email']

    # MANDATORY: Always redirect to connect_hub after login 
    # so the user can choose their platform.
    flash(f"Welcome, {user['username']}! Please select a platform.", "success")
    return redirect(url_for('social_bp.connect_hub'))

# =========================================================
# SIGNUP ROUTES
# =========================================================
@auth_bp.route('/signup', methods=['GET'])
def signup():
    return render_template('auth.html', page='signup')

@auth_bp.route('/signup_post', methods=['POST'])
def signup_post():
    # 1. Capture username and full_name
    username = request.form.get('username', '').strip()
    full_name = request.form.get('full_name', '').strip()
    email = request.form.get('email', '').strip().lower()
    password = request.form.get('password', '')

    conn = get_db_connection()
    cursor = conn.cursor()
    
    # 2. Check if username or email exists
    cursor.execute("SELECT id FROM users WHERE username = %s OR email = %s", (username, email))
    if cursor.fetchone():
        flash("⚠️ Username or Email already taken.", "warning")
        return redirect(url_for('auth_bp.signup'))

    # 3. Insert into database
    hashed_pw = generate_password_hash(password)
    cursor.execute("""
        INSERT INTO users (username, full_name, email, password_hash) 
        VALUES (%s, %s, %s, %s)
    """, (username, full_name, email, hashed_pw))
    
    conn.commit()
    user_id = cursor.lastrowid
    cursor.close()

    # 4. Set Session
    session['user_id'] = user_id
    session['username'] = username
    
    flash("✅ Account created! Please verify your identity.", "success")
    return redirect(url_for('social_bp.connect_hub'))

# =========================================================
# FORGOT PASSWORD & LOGOUT
# =========================================================
@auth_bp.route('/forgot_password', methods=['GET', 'POST'])
def forgot_password():
    if request.method == 'POST':
        email = request.form.get('email', '').strip().lower()
        conn = get_db_connection()
        cursor = conn.cursor()
        cursor.execute("SELECT id FROM users WHERE email=%s", (email,))
        user = cursor.fetchone()
        cursor.close()
        conn.close()

        if user:
            flash("User found. Please set a new password.", "success")
            return redirect(url_for('auth_bp.reset_password_simple', email=email))
        else:
            flash("Email not found.", "danger")
            return redirect(url_for('auth_bp.forgot_password'))
    return render_template('forgot_password.html')

@auth_bp.route('/reset_password', methods=['GET', 'POST'])
def reset_password_simple():
    email = request.args.get('email') or request.form.get('email')
    if not email:
        return redirect(url_for('auth_bp.signin'))

    if request.method == 'POST':
        password = request.form.get('password')
        confirm_password = request.form.get('confirm_password')

        if password != confirm_password:
            flash("❌ Passwords do not match.", "danger")
            return render_template('reset_password.html', email=email)

        hashed_password = generate_password_hash(password)
        conn = get_db_connection()
        cursor = conn.cursor()
        cursor.execute("UPDATE users SET password_hash=%s WHERE email=%s", (hashed_password, email))
        conn.commit()
        cursor.close()
        conn.close()

        flash("✅ Password reset successfully! Please login.", "success")
        return redirect(url_for('auth_bp.signin'))

    return render_template('reset_password.html', email=email)

@auth_bp.route('/logout_platform')
def logout_platform():
    # List of keys to clear specifically for the LinkedIn session
    keys_to_clear = [
        'linkedin_token', 
        'linkedin_user_urn', 
        'linkedin_email', 
        'user_pic', 
        'active_platform'
    ]
    
    for key in keys_to_clear:
        session.pop(key, None)
    
    # We do NOT pop 'user_id' or 'username'
    session.modified = True
    
    flash("Disconnected from LinkedIn. Choose a platform to continue.", "info")
    return redirect(url_for('social_bp.connect_hub'))

@auth_bp.route('/logout')
def logout():
    session.clear()
    flash("✅ Logged out successfully.", "success")
    return redirect(url_for('auth_bp.signin'))