from fastapi import APIRouter, HTTPException, Request
from fastapi.responses import RedirectResponse

from app.core.auth import get_oauth
from app.core.settings import get_settings

router = APIRouter()


@router.get("/login", include_in_schema=False)
async def login(request: Request):
    settings = get_settings()
    if not settings.azure_configured:
        raise HTTPException(
            status_code=500,
            detail=(
                "Azure Entra ID auth is not configured. Set AZURE_TENANT_ID, "
                "AZURE_CLIENT_ID, and AZURE_CLIENT_SECRET."
            ),
        )

    oauth = get_oauth()
    redirect_uri = request.url_for("auth_callback")
    return await oauth.azure.authorize_redirect(request, redirect_uri)


@router.get("/auth/callback", include_in_schema=False, name="auth_callback")
async def auth_callback(request: Request):
    oauth = get_oauth()
    token = await oauth.azure.authorize_access_token(request)
    userinfo = token.get("userinfo")
    if not userinfo:
        userinfo = await oauth.azure.parse_id_token(request, token)

    request.session["user"] = {
        "sub": userinfo.get("sub"),
        "name": userinfo.get("name") or userinfo.get("preferred_username"),
        "email": userinfo.get("email") or userinfo.get("preferred_username"),
    }
    return RedirectResponse(url="/", status_code=302)


@router.get("/logout", include_in_schema=False)
async def logout(request: Request):
    request.session.clear()
    return RedirectResponse(url="/", status_code=302)