from datetime import datetime, timedelta, timezone
from typing import Optional

from jose import JWTError, jwt
from passlib.context import CryptContext

from sorrydb.leaderboard.api.app_config import settings
from sorrydb.leaderboard.database.postgres_database import SQLDatabase
from sorrydb.leaderboard.model.user import User

pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


def hash_password(password: str) -> str:
    return pwd_context.hash(password)


def verify_password(plain_password: str, hashed_password: str) -> bool:
    return pwd_context.verify(plain_password, hashed_password)


def create_access_token(data: dict) -> str:
    to_encode = data.copy()
    expire = datetime.now(timezone.utc) + timedelta(
        minutes=settings.access_token_expire_minutes
    )
    to_encode.update({"exp": expire})
    return jwt.encode(to_encode, settings.secret_key, algorithm=settings.algorithm)


def decode_access_token(token: str) -> Optional[dict]:
    try:
        payload = jwt.decode(
            token, settings.secret_key, algorithms=[settings.algorithm]
        )
        return payload
    except JWTError:
        return None


def authenticate_user(email: str, password: str, db: SQLDatabase) -> Optional[User]:
    user = db.get_user_by_email(email)
    if not user or not verify_password(password, user.hashed_password):
        return None
    return user


def register_user(db: SQLDatabase, email: str, password: str) -> User:
    hashed_password = hash_password(password)
    user = User(email=email, hashed_password=hashed_password)
    db.add_user(user)
    return user


def change_user_password(db: SQLDatabase, user_id: str, new_password: str) -> User:
    user = db.get_user_by_id(user_id)
    if not user:
        raise ValueError("User not found")
    
    user.hashed_password = hash_password(new_password)
    db.session.commit()
    db.session.refresh(user)
    return user
