# services/auth.py

import streamlit as st
from streamlit_authenticator import Authenticate
from config.settings import settings
from repositories.user_repo import UserRepo
from models.db import init_db

# 1) Ensure DB tables exist
init_db()

# 2) User repo
user_repo = UserRepo(settings.database_url)

def init_auth():
    users = user_repo.get_all_users()
    user_map = {
        u.username: {"name": u.full_name, "password": u.hashed_password}
        for u in users
    }
    creds = {"usernames": user_map}
    return Authenticate(
        credentials=creds,
        cookie_name="quantum_healthcare_auth",
        key=settings.secret_key,
        cookie_expiry_days=1,
    )

# 3) Instantiate authenticator
authenticator = init_auth()

def require_login():
    # 🔧 Initialize logout flag so login() can read it
    if 'logout' not in st.session_state:
        st.session_state['logout'] = False

    login_result = authenticator.login(location="sidebar")
    if login_result is None:
        st.stop()

    name, authentication_status, username = login_result
    if not authentication_status:
        st.stop()

    # 🛑 Render the logout button once logged in
    authenticator.logout("Logout", location="sidebar")
    return username