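"""Account endpoints: user CRUD behind ``require_admin`` plus self-service password change."""
from typing import Optional

from fastapi import APIRouter, Depends, Form, HTTPException
from sqlalchemy.orm import Session

from database import get_db
import models
from auth import get_current_user, hash_password, require_admin, verify_password

router = APIRouter(prefix="/api/accounts", tags=["accounts"])


def _serialize_user(u):
    """Build the public JSON view of a user row; ``password_hash`` is never included."""
    return {
        "id": u.id,
        "username": u.username,
        "role": u.role,
        "company": u.company,
        "name": u.name,
        "phone": u.phone,
        "email": u.email,
        "is_active": u.is_active,
        # A row without a timestamp should not turn the whole listing into a 500.
        "created_at": u.created_at.isoformat() if u.created_at is not None else None,
    }


@router.get("")
def list_users(
    role: Optional[str] = None,
    db: Session = Depends(get_db),
    _=Depends(require_admin),
):
    """List users ordered by id, optionally filtered by an exact ``role`` match.

    Guarded by the ``require_admin`` dependency. Active and deactivated
    accounts are both returned; callers distinguish them via ``is_active``.
    """
    q = db.query(models.User)
    if role:
        q = q.filter(models.User.role == role)
    return [_serialize_user(u) for u in q.order_by(models.User.id).all()]


@router.post("")
def create_user(
    username: str = Form(...),
    password: str = Form(...),
    role: str = Form(...),
    name: str = Form(...),
    company: str = Form(""),
    phone: str = Form(""),
    email: str = Form(""),
    db: Session = Depends(get_db),
    _=Depends(require_admin),
):
    """Create a user with a hashed password. Guarded by ``require_admin``.

    Returns the new row's ``id`` and ``username``.

    Raises:
        HTTPException: 400 when the username is already taken.
    """
    # NOTE(review): this check-then-insert is not atomic; two concurrent requests
    # can both pass it. Presumably a unique constraint on username is the real
    # guard -- confirm against the model.
    if db.query(models.User).filter_by(username=username).first():
        raise HTTPException(400, "이미 존재하는 아이디입니다.")

    # NOTE(review): `role` is stored as received, and no password length or
    # complexity rule is visible here. Confirm the allowed role values and the
    # password policy are enforced elsewhere (model, hash_password, or client).
    u = models.User(
        username=username,
        password_hash=hash_password(password),
        role=role,
        name=name,
        # Empty form fields are stored as NULL rather than "".
        company=company or None,
        phone=phone or None,
        email=email or None,
    )
    db.add(u)
    db.commit()
    db.refresh(u)
    return {"id": u.id, "username": u.username}


@router.put("/{user_id}")
def update_user(
    user_id: int,
    name: str = Form(...),
    company: str = Form(""),
    phone: str = Form(""),
    email: str = Form(""),
    is_active: bool = Form(True),
    password: Optional[str] = Form(None),
    db: Session = Depends(get_db),
    current_user: models.User = Depends(require_admin),
):
    """Update a user's profile, active flag and, optionally, password.

    Guarded by ``require_admin``. ``is_active`` defaults to True, so a request
    that omits it re-activates an account that ``delete_user`` deactivated.
    The password is changed only when a non-empty value is supplied.

    Raises:
        HTTPException: 400 when an admin tries to deactivate their own account;
            404 when no user has ``user_id``.
    """
    # delete_user refuses to deactivate the caller's own account; without the
    # same guard here an admin could lock themselves out through this route.
    if user_id == current_user.id and not is_active:
        raise HTTPException(400, "자신의 계정은 비활성화할 수 없습니다.")

    u = db.query(models.User).filter_by(id=user_id).first()
    if not u:
        raise HTTPException(404)

    u.name = name
    u.company = company or None
    u.phone = phone or None
    u.email = email or None
    u.is_active = is_active
    if password:
        # Admin-initiated reset: the target's current password is not required.
        u.password_hash = hash_password(password)
    db.commit()
    return {"ok": True}


@router.delete("/{user_id}")
def delete_user(
    user_id: int,
    db: Session = Depends(get_db),
    current_user: models.User = Depends(require_admin),
):
    """Soft-delete a user by clearing ``is_active``; the row itself is kept.

    Guarded by ``require_admin``.

    Raises:
        HTTPException: 400 when the caller targets their own account;
            404 when no user has ``user_id``.
    """
    if user_id == current_user.id:
        raise HTTPException(400, "자신의 계정은 삭제할 수 없습니다.")

    u = db.query(models.User).filter_by(id=user_id).first()
    if not u:
        raise HTTPException(404)

    u.is_active = False
    db.commit()
    return {"ok": True}


@router.patch("/me/password")
def change_my_password(
    current_password: str = Form(...),
    new_password: str = Form(...),
    db: Session = Depends(get_db),
    current_user: models.User = Depends(get_current_user),
):
    """Change the caller's own password after re-verifying the current one.

    Raises:
        HTTPException: 400 when ``current_password`` does not verify.
    """
    if not verify_password(current_password, current_user.password_hash):
        raise HTTPException(400, "현재 비밀번호가 올바르지 않습니다.")

    # NOTE(review): nothing here revokes sessions or tokens issued before the
    # change, and no policy check on new_password is visible -- confirm both
    # are handled in the auth module.
    # Assumes current_user is attached to the same Session as `db`, so that
    # this commit persists the new hash -- TODO confirm in get_current_user.
    current_user.password_hash = hash_password(new_password)
    db.commit()
    return {"ok": True}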