from datetime import datetime, timedelta, UTC

from cryptography.fernet import Fernet
from jose import jwt
from passlib.context import CryptContext

from app.config import settings
from app.exceptions import UserNotFoundException, UserMustConfirmEmailException
from app.services.user_service import UserService
from app.users.exceptions import IncorrectAuthDataException
from app.chat.exceptions import UserDontHavePermissionException, ChatNotFoundException
from app.unit_of_work import UnitOfWork
from app.users.schemas import SUser, SConfirmationData, SInvitationData

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")

cipher_suite = Fernet(settings.INVITATION_LINK_TOKEN_KEY)


def get_password_hash(password: str) -> str:
	return pwd_context.hash(password)


def verify_password(plain_password: str, hashed_password: str) -> bool:
	return pwd_context.verify(plain_password, hashed_password)


def create_access_token(data: dict[str, str | datetime]) -> str:
	to_encode = data.copy()
	expire = datetime.now(UTC) + timedelta(days=30)
	to_encode.update({"exp": expire})
	encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, settings.ALGORITHM)
	return encoded_jwt


def encode_invitation_token(user_data: SInvitationData) -> str:
	invitation_token = cipher_suite.encrypt(user_data.model_dump_json().encode())
	return invitation_token.decode()


def decode_invitation_token(invitation_token: str) -> SInvitationData:
	user_code = invitation_token.encode()
	user_data = cipher_suite.decrypt(user_code)
	return SInvitationData.model_validate_json(user_data)


def encode_confirmation_token(confirmation_code: str) -> str:
	invitation_token = cipher_suite.encrypt(confirmation_code.encode())
	return invitation_token.decode()


def decode_confirmation_token(invitation_token: str) -> str:
	user_code = invitation_token.encode()
	confirmation_code = cipher_suite.decrypt(user_code).decode()
	return confirmation_code


class AuthService:

	@classmethod
	async def authenticate_user(cls, uow: UnitOfWork, email_or_username: str, password: str) -> SUser:
		try:
			async with uow:
				user = await uow.user.find_one_by_username_or_email(username=email_or_username, email=email_or_username)
				if not verify_password(password, user.hashed_password):
					raise IncorrectAuthDataException
				return user
		except UserNotFoundException:
			raise IncorrectAuthDataException

	@classmethod
	async def check_verificated_user(cls, uow: UnitOfWork, user_id: int) -> None:
		user = await UserService.find_user(uow=uow, id=user_id)
		if user.role < settings.VERIFICATED_USER:
			raise UserMustConfirmEmailException

	@classmethod
	async def validate_user_access_to_chat(cls, uow: UnitOfWork, user_id: int, chat_id: int) -> None:
		try:
			async with uow:
				await uow.chat.find_one(chat_id=chat_id, user_id=user_id)
		except ChatNotFoundException:
			raise UserDontHavePermissionException