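import hashlib
import hmac
import json

from fastapi import APIRouter, Depends, HTTPException, Request
from pydantic import BaseModel

from config_provider import get_config, ServiceConfig

# NOTE(review): `bcrypt` and `service_config` are used by change_password but
# are neither imported nor defined in the visible source; both must be
# provided before that endpoint can run.

router = APIRouter()


class LoginRequest(BaseModel):
    """JSON body accepted by POST /auth/login."""

    username: str
    password: str


def verify_password(stored_hash, input_password):
    """Return True when SHA-256(input_password) equals *stored_hash*.

    Args:
        stored_hash: Hex digest string kept in the user record.
        input_password: Plain-text password supplied by the caller.

    Returns:
        True on a match; False otherwise, including when *stored_hash* is
        not a string.
    """
    # Simple SHA-256 hash check (a salt + hash mechanism could be applied).
    # NOTE(review): an unsalted, fast digest is cheap to brute-force offline
    # if the user store leaks. change_password in this file writes bcrypt
    # hashes, which this function cannot verify, so the two endpoints should
    # agree on one salted, slow scheme.
    if not isinstance(stored_hash, str):
        return False
    input_hash = hashlib.sha256(input_password.encode()).hexdigest()
    # Constant-time comparison so response timing does not depend on how many
    # leading characters of the digest match.
    return hmac.compare_digest(stored_hash.encode(), input_hash.encode())


@router.post("/auth/login")
def login(request: LoginRequest, config: ServiceConfig = Depends(get_config)):
    """Check a username/password pair against the users in the service config.

    Looks the user up in ``config.data['users']`` and verifies the password
    with verify_password.

    Returns:
        ``{"status": "success"}`` on a match; no token or session is created
        in this function.

    Raises:
        HTTPException: 401 for an unknown username or a wrong password.
    """
    user = next(
        (u for u in config.data.get('users', []) if u['username'] == request.username),
        None,
    )
    # One status code and message for both failure causes, so the response
    # does not reveal which usernames exist.
    if not user or not verify_password(user['password_hash'], request.password):
        raise HTTPException(status_code=401, detail="Invalid username or password")
    return {"status": "success"}


@router.post("/change_password")
async def change_password(request: Request):
    """Replace a user's password hash after checking the old password.

    Expects a JSON object with ``username``, ``old_password`` and
    ``new_password``. On success the new bcrypt hash is stored on the user
    record and the configuration is written to ``service_config.config_path``.

    Raises:
        HTTPException: 400 for a malformed body or missing fields, 404 for an
            unknown username, 401 when the old password does not verify.
    """
    try:
        data = await request.json()
    except ValueError:
        # Invalid JSON would otherwise surface as an unhandled 500.
        raise HTTPException(status_code=400, detail="Request body must be valid JSON") from None
    if not isinstance(data, dict):
        raise HTTPException(status_code=400, detail="Request body must be a JSON object")

    username = data.get("username")
    old_password = data.get("old_password")
    new_password = data.get("new_password")
    # Missing or non-string fields previously crashed on .encode(); an empty
    # new password is rejected rather than stored.
    fields = (username, old_password, new_password)
    if not all(isinstance(value, str) for value in fields) or not new_password:
        raise HTTPException(
            status_code=400,
            detail="username, old_password and new_password are required",
        )
    # bcrypt only considers the first 72 bytes of a password; depending on the
    # library version, longer input is silently truncated or rejected.
    if len(new_password.encode()) > 72:
        raise HTTPException(status_code=400, detail="new_password is too long")

    user = next((u for u in service_config.users if u["username"] == username), None)
    # NOTE(review): a distinct 404 here lets an unauthenticated caller tell
    # existing usernames from unknown ones, whereas login answers both cases
    # with the same 401. Kept unchanged for client compatibility; consider
    # unifying the two responses.
    if not user:
        raise HTTPException(status_code=404, detail="User not found")

    try:
        old_password_ok = bcrypt.checkpw(old_password.encode(), user["password_hash"].encode())
    except ValueError:
        # The stored value is not a bcrypt hash (for example the SHA-256 hex
        # digest that verify_password expects); treat as a failed check.
        old_password_ok = False
    if not old_password_ok:
        raise HTTPException(status_code=401, detail="Old password is incorrect")

    new_hash = bcrypt.hashpw(new_password.encode(), bcrypt.gensalt()).decode()
    previous_hash = user["password_hash"]
    user["password_hash"] = new_hash
    try:
        # Serialise before opening the file: open(..., "w") truncates at once,
        # so a serialisation error after it would leave an empty config and
        # lose every stored hash.
        # NOTE(review): whether service_config is JSON-serialisable is not
        # visible here; confirm against its definition.
        serialized = json.dumps(service_config, indent=2)
        with open(service_config.config_path, "w", encoding="utf-8") as f:
            f.write(serialized)
    except Exception:
        # Keep the in-memory record consistent with what is on disk.
        user["password_hash"] = previous_hash
        raise

    return {"message": "Password updated successfully"}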