# routes/auth.py
from flask import Blueprint, render_template, request, redirect, url_for, flash, current_app
from flask_login import login_user, logout_user, login_required, current_user
from werkzeug.routing import BuildError
from app.extensions import db
from app.models.user import User

# Blueprint that groups the authentication routes defined in this module
# (login, logout, register).
auth_bp = Blueprint(name='auth', import_name=__name__)


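@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    """Authenticate a user by username or e-mail and redirect by role.

    GET renders ``auth/login.html``. POST reads ``username_or_email`` and
    ``password`` from the form, looks the account up by either column,
    verifies the password with ``User.check_password`` and, on success,
    starts the session with ``login_user``, stores ``last_login`` and
    redirects to the dashboard for the user's role. Every failure path
    flashes a message and redirects back to the login page.

    Values that originate from the request or from user-chosen account
    fields are logged with ``%r`` so that CR/LF and other control characters
    are escaped instead of being written verbatim into the log (log forging).
    """
    if request.method == 'POST':
        username_or_email = request.form.get('username_or_email', '').strip()
        password = request.form.get('password', '')

        # The identifier is untrusted form input; %r escapes control
        # characters so one request cannot fabricate extra log lines.
        current_app.logger.info("Login attempt: %r", username_or_email)

        if not username_or_email:
            flash('请输入用户名或邮箱。', 'error')
            return redirect(url_for('auth.login'))
        if not password:
            flash('请输入密码。', 'error')
            return redirect(url_for('auth.login'))

        # Look the account up by username OR e-mail.
        # NOTE(review): register() lowercases e-mails before storing them,
        # but this comparison uses the input as typed; confirm whether
        # e-mail login is meant to be case-insensitive.
        user = User.query.filter(
            (User.username == username_or_email) | (User.email == username_or_email)
        ).first()

        # Verify through the model's check_password() rather than comparing
        # the stored value directly.
        if user and user.check_password(password):
            # The disabled-account message is shown only after the password
            # was verified, so it does not reveal account state to a caller
            # who does not know the password.
            if not user.is_active:
                flash('您的账户已被禁用，请联系管理员。', 'error')
                current_app.logger.warning(
                    "Blocked login for inactive user: %r", user.username
                )
                return redirect(url_for('auth.login'))

            # Establish the session, then record the login time.
            login_user(user)
            user.last_login = db.func.now()
            try:
                db.session.commit()
                current_app.logger.info(
                    "User logged in: %r (ID: %s, Role: %s)",
                    user.username, user.id, user.role,
                )
            except Exception as e:
                # Best effort: the session is already established, so a
                # failed timestamp write only produces a warning.
                db.session.rollback()
                current_app.logger.error(
                    "Failed to update last_login for user %r: %s", user.username, e
                )
                flash('登录成功，但登录时间记录失败。', 'warning')

            # Role-based redirect. Each branch falls back to a fixed path if
            # the named endpoint is not registered (BuildError).
            if user.is_admin:
                current_app.logger.info("Redirecting admin to admin dashboard")
                try:
                    return redirect(url_for('admin.dashboard'))
                except BuildError as e:
                    current_app.logger.error("Admin dashboard endpoint not found: %s", e)
                    return redirect('/admin/')

            elif user.is_teacher:
                current_app.logger.info("Redirecting teacher to teacher dashboard")
                try:
                    # NOTE(review): the original comment was unsure whether
                    # the blueprint is named 'teacher' or 'teachers' - confirm.
                    return redirect(url_for('teacher.dashboard'))
                except BuildError as e:
                    current_app.logger.error("Teacher dashboard endpoint not found: %s", e)
                    return redirect('/teacher/')

            elif user.is_student:
                current_app.logger.info("Redirecting student to student dashboard")
                try:
                    # NOTE(review): the original comment was unsure whether
                    # the blueprint is named 'student' or 'students' - confirm.
                    return redirect(url_for('student.dashboard'))
                except BuildError as e:
                    current_app.logger.error("Student dashboard endpoint not found: %s", e)
                    return redirect('/student/')

            else:
                # NOTE(review): the session stays logged in on this path even
                # though the role was not recognised - confirm that is intended.
                current_app.logger.warning(
                    "Unknown role for user %r: %r", user.username, user.role
                )
                flash('您的账户角色未识别，请联系管理员。', 'error')
                return redirect(url_for('main.index'))

        else:
            # Same message for "no such account" and "wrong password", so the
            # response does not tell the caller which of the two failed.
            flash('用户名或密码错误。', 'error')
            current_app.logger.warning(
                "Failed login attempt for: %r", username_or_email
            )
            return redirect(url_for('auth.login'))

    # GET: show the login form.
    return render_template('auth/login.html')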


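@auth_bp.route('/logout')
@login_required
def logout():
    """End the current user's session and redirect to the site index.

    The username is logged with ``%r``: register() in this module accepts
    usernames without restricting their characters, so the stored value is
    escaped before it reaches the log.

    NOTE(review): the route accepts GET (no ``methods`` argument), so any
    cross-site link or embedded resource can trigger a logout. Consider a
    POST-only route protected by the application's CSRF mechanism.
    """
    # Read the name before logout_user(); afterwards current_user no longer
    # refers to this account.
    username = current_user.username
    logout_user()
    current_app.logger.info("User logged out: %r", username)
    flash('您已成功退出登录。', 'info')
    return redirect(url_for('main.index'))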


# Optional: registration route (if you need one)
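@auth_bp.route('/register', methods=['GET', 'POST'])
def register():
    """Create a new account with the default ``student`` role.

    GET renders ``auth/register.html``. POST validates the submitted
    ``username``, ``email``, ``password`` and ``confirm_password`` fields,
    rejects identifiers that are already in use, stores the password through
    ``User.set_password`` and redirects to the login page on success. Every
    validation failure flashes a message and redirects back to the form.

    The role is fixed server-side and never read from the request, so a
    client cannot choose its own role at sign-up.
    """
    if request.method == 'POST':
        username = request.form.get('username', '').strip()
        email = request.form.get('email', '').strip().lower()
        password = request.form.get('password', '')
        confirm_password = request.form.get('confirm_password', '')

        # Basic presence and consistency checks.
        if not username or not email or not password:
            flash('请填写所有字段。', 'error')
            return redirect(url_for('auth.register'))

        if password != confirm_password:
            flash('两次输入的密码不一致。', 'error')
            return redirect(url_for('auth.register'))

        # NOTE(review): a 6-character minimum is short by current password
        # guidance; raising it changes user-visible behaviour, so it is left
        # unchanged here.
        if len(password) < 6:
            flash('密码至少需要6位。', 'error')
            return redirect(url_for('auth.register'))

        # login() resolves a single identifier against BOTH the username and
        # the e-mail column. A new username must therefore not equal an
        # existing e-mail (and a new e-mail must not equal an existing
        # username); otherwise that lookup is ambiguous between two accounts.
        if User.query.filter(
            (User.username == username) | (User.email == username)
        ).first():
            flash('用户名已存在。', 'error')
            return redirect(url_for('auth.register'))

        if User.query.filter(
            (User.email == email) | (User.username == email)
        ).first():
            flash('邮箱已被注册。', 'error')
            return redirect(url_for('auth.register'))

        # Role is hard-coded; set_password() stores a hash, not the plaintext.
        user = User(
            username=username,
            email=email,
            role='student'
        )
        user.set_password(password)

        db.session.add(user)
        try:
            db.session.commit()
            # Form values are untrusted: %r escapes CR/LF and other control
            # characters so they cannot forge additional log lines.
            current_app.logger.info("New user registered: %r (%r)", username, email)
            flash('注册成功，请登录。', 'success')
            return redirect(url_for('auth.login'))
        except Exception as e:
            # Also reached when a concurrent request wins the race between
            # the checks above and this commit - presumably via unique
            # constraints on the model; verify they exist.
            db.session.rollback()
            current_app.logger.error("Failed to register user %r: %s", username, e)
            flash('注册失败，请稍后重试。', 'error')
            return redirect(url_for('auth.register'))

    # GET: show the registration form.
    return render_template('auth/register.html')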