"""
Authentication service for user login and password management
"""

from typing import Optional
from passlib.context import CryptContext
from src.database.models import User
from src.database.repositories import UserRepository


# Configure password hashing context using bcrypt
pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto")


class AuthService:
    """Service for handling user authentication and password operations"""
    
    def __init__(self, user_repository: UserRepository):
        """
        Initialize the authentication service
        
        Args:
            user_repository: Repository for user data access
        """
        self.user_repository = user_repository
    
    @staticmethod
    def hash_password(password: str) -> str:
        """
        Securely hash a password using bcrypt
        
        Args:
            password: The plain text password to hash
        
        Returns:
            The hashed password string
        """
        return pwd_context.hash(password)
    
    @staticmethod
    def verify_password(plain_password: str, hashed_password: str) -> bool:
        """
        Verify a plain text password against a hashed password
        
        Args:
            plain_password: The plain text password to verify
            hashed_password: The hashed password to compare against
        
        Returns:
            True if password matches, False otherwise
        """
        return pwd_context.verify(plain_password, hashed_password)
    
    def authenticate_user(self, username: str, password: str) -> Optional[User]:
        """
        Authenticate a user by username and password
        
        Args:
            username: The username to authenticate
            password: The plain text password to verify
        
        Returns:
            User object if authentication succeeds, None if credentials are invalid
        """
        # Get user by username
        user = self.user_repository.get_by_username(username)
        
        # Return None if user doesn't exist
        if not user:
            return None
        
        # Verify password
        if not self.verify_password(password, user.hashed_password):
            return None
        
        # Return authenticated user
        return user
    
    def create_user_with_hashed_password(
        self, 
        username: str, 
        password: str, 
        role: str
    ) -> User:
        """
        Create a new user with a hashed password
        
        Args:
            username: The username for the new user
            password: The plain text password (will be hashed)
            role: The role ("Admin" or "User")
        
        Returns:
            The created User object
        
        Raises:
            ValueError: If username already exists or role is invalid
        """
        hashed_password = self.hash_password(password)
        return self.user_repository.create(username, hashed_password, role)