import secrets
from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from ..database import get_db
from ..models import APIKey
from ..schemas import APIKeyOut, KeyRevokeIn
from ..core.security import get_current_user

router = APIRouter(prefix="/api/keys", tags=["API Keys"])

@router.get("", response_model=list[APIKeyOut])
def list_keys(db: Session = Depends(get_db), user = Depends(get_current_user)):
    rows = db.query(APIKey).filter(APIKey.user_id == user.id).order_by(APIKey.created_at.desc()).all()
    return rows

@router.post("/generate", response_model=APIKeyOut)
def generate_key(db: Session = Depends(get_db), user = Depends(get_current_user)):
    key = "chb_" + secrets.token_urlsafe(32)
    row = APIKey(key=key, user_id=user.id)
    db.add(row)
    db.commit()
    db.refresh(row)
    return row

@router.post("/revoke")
def revoke_key(payload: KeyRevokeIn, db: Session = Depends(get_db), user = Depends(get_current_user)):
    row = db.query(APIKey).filter(APIKey.user_id == user.id, APIKey.key == payload.key).first()
    if not row:
        raise HTTPException(status_code=404, detail="Key not found")
    row.revoked = True
    db.commit()
    return {"revoked": payload.key}