from fastapi import APIRouter, HTTPException
from pydantic import BaseModel, ConfigDict
from sqlalchemy import select
from sqlalchemy.orm import Session

from app.core.database import get_db
from app.core.models import SystemConfig

router = APIRouter(prefix="/api/config", tags=["config"])


# ===== Helpers =====

def _get_secret_masked(db: Session, key_name: str) -> str | None:
    row = db.get(SystemConfig, key_name)
    if not row:
        return None
    if row.is_secret and row.key_value:
        return "******"
    return row.key_value


def _upsert_secret(db: Session, key_name: str, value: str, is_secret: bool = False):
    row = db.get(SystemConfig, key_name)
    if row:
        row.key_value = value
        row.is_secret = is_secret
    else:
        row = SystemConfig(key_name=key_name, key_value=value, is_secret=is_secret)
        db.add(row)
    db.commit()


# ===== SMTP =====

class SMTPConfigResponse(BaseModel):
    smtp_host: str | None
    smtp_port: int | None
    smtp_user: str | None
    smtp_password: str | None
    smtp_from_name: str | None
    smtp_from_email: str | None
    smtp_use_tls: bool | None


class SMTPConfigUpdate(BaseModel):
    smtp_host: str | None = None
    smtp_port: int | None = None
    smtp_user: str | None = None
    smtp_password: str | None = None
    smtp_from_name: str | None = None
    smtp_from_email: str | None = None
    smtp_use_tls: bool | None = None


smtp_keys = ["smtp_host", "smtp_port", "smtp_user", "smtp_password",
             "smtp_from_name", "smtp_from_email", "smtp_use_tls"]


@router.get("/smtp", response_model=SMTPConfigResponse)
def get_smtp_config(db: Session = Depends(get_db)):
    result = {}
    for key in smtp_keys:
        if key == "smtp_use_tls":
            raw = _get_secret_masked(db, "smtp_use_tls")
            result["smtp_use_tls"] = raw.lower() == "true" if raw else True
        elif key == "smtp_port":
            raw = _get_secret_masked(db, key)
            result["smtp_port"] = int(raw) if raw else None
        else:
            result[key] = _get_secret_masked(db, key)
    return SMTPConfigResponse(**result)


@router.put("/smtp", response_model=SMTPConfigResponse)
def update_smtp_config(data: SMTPConfigUpdate, db: Session = Depends(get_db)):
    update_map = data.model_dump(exclude_unset=True)
    for key, value in update_map.items():
        is_secret = key == "smtp_password"
        if key == "smtp_use_tls":
            value = "true" if value else "false"
        if key == "smtp_port" and value is not None:
            value = str(value)
        _upsert_secret(db, key, str(value) if value is not None else "", is_secret=is_secret)
    db.commit()
    return get_smtp_config(db)


# ===== Telegram =====

class TelegramConfigResponse(BaseModel):
    bot_token: str | None


class TelegramConfigUpdate(BaseModel):
    bot_token: str | None = None


@router.get("/telegram", response_model=TelegramConfigResponse)
def get_telegram_config(db: Session = Depends(get_db)):
    return TelegramConfigResponse(bot_token=_get_secret_masked(db, "telegram_bot_token"))


@router.put("/telegram", response_model=TelegramConfigResponse)
def update_telegram_config(data: TelegramConfigUpdate, db: Session = Depends(get_db)):
    if data.bot_token is not None:
        _upsert_secret(db, "telegram_bot_token", data.bot_token, is_secret=True)
    return get_telegram_config(db)