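from datetime import timedelta

from fastapi import APIRouter, HTTPException

from app.api.dependencies import LoginDep, SessionDep
from app.core import security
from app.core.config import settings
from app.crud import user_crud
from app.schemas.user_schemas import Token

router = APIRouter(tags=["Dashboard", "Login"])


# include_in_schema only controls whether the route is listed in the generated
# OpenAPI document; the endpoint itself is served in every environment.
@router.post(
    "/login/access-token",
    include_in_schema=settings.is_local_environment,
    response_model=Token,
)
def login_access_token(session: SessionDep, form_data: LoginDep) -> Token:
    """
    OAuth2 compatible token login for the dashboard.

    This endpoint generates an access token required for authenticating future requests
    to the dashboard section of the application. The token is valid for a predefined expiration period.

    - **username**: User's email
    - **password**: User's password

    **Note:** This login is restricted to dashboard access only and cannot be used for tenant accounts access to shops
    """
    # shop_id=None is passed explicitly; presumably this scopes the lookup to
    # dashboard (non-tenant) accounts -- confirm in user_crud.authenticate.
    user = user_crud.authenticate(
        session=session,
        email=form_data.username,
        password=form_data.password,
        shop_id=None,
    )

    # One message for both "unknown email" and "wrong password", so the
    # response does not reveal which accounts exist.
    if not user:
        raise HTTPException(status_code=400, detail="Incorrect email or password")

    # The original second branch repeated `not user` and could never run, so
    # the "Inactive user" rejection was dead code and a deactivated account
    # with valid credentials would still get a token from this handler.
    # NOTE(review): the attribute name `is_active` is an assumption -- the user
    # model is not visible here. getattr() keeps the previous behaviour if the
    # field is named differently; replace it with the model's real flag.
    if not getattr(user, "is_active", True):
        raise HTTPException(status_code=400, detail="Inactive user")

    # NOTE(review): no attempt throttling or lockout is visible in this
    # handler; confirm it is enforced elsewhere (middleware / gateway).
    access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
    return Token(
        access_token=security.create_access_token(
            user.id, expires_delta=access_token_expires
        )
    )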