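"""Registration and login endpoints that return a SimpleJWT access/refresh pair."""
from django.contrib.auth import get_user_model
from django.contrib.auth.password_validation import validate_password
from django.core.exceptions import ValidationError
from django.db import IntegrityError, transaction
from django.db.models import Q
from ninja import Form, Router
from rest_framework_simplejwt.tokens import RefreshToken

auth_router = Router(tags=["认证"])
User = get_user_model()


def _auth_payload(user, message):
    """Build the success response: public user fields plus a fresh token pair."""
    refresh = RefreshToken.for_user(user)
    return {
        "success": True,
        "message": message,
        "user": {
            "id": user.id,
            "username": user.username,
            "role": user.role,
        },
        "token": {
            "access": str(refresh.access_token),
            "refresh": str(refresh),
        },
    }


@auth_router.post("/register")
def register(
    request,
    username: str = Form(...),
    password: str = Form(...),
    email: str = Form(...),
    role: str = Form("user"),  # optional; defaults to "user"
):
    """Create a regular account and return its tokens.

    Failures are reported as ``{"success": False, "message": ...}`` rather
    than as an HTTP error status, matching the other branches of this view.
    """
    if User.objects.filter(username=username).exists():
        return {"success": False, "message": "用户名已存在"}

    # The role is client-supplied; anything other than the unprivileged
    # "user" role is refused so self-registration cannot grant privileges.
    if role != "user":
        return {"success": False, "message": "不能注册管理员或分管理账号"}

    # NOTE(review): `email` is accepted as a plain string and is not checked
    # for format or uniqueness here. login() also matches on the email column,
    # so an email equal to another account's username makes that lookup
    # ambiguous. Confirm the model or a schema enforces a unique, valid email.
    user = User(username=username, email=email, role=role)

    # Apply the project's AUTH_PASSWORD_VALIDATORS before storing the hash.
    # With no validators configured this is a no-op.
    try:
        validate_password(password, user=user)
    except ValidationError as exc:
        return {"success": False, "message": " ".join(exc.messages)}

    user.set_password(password)

    # The exists() check above races with concurrent registrations. A database
    # uniqueness violation is reported as a normal failure instead of a 500.
    # The savepoint keeps an enclosing transaction usable after the error.
    try:
        with transaction.atomic():
            user.save()
    except IntegrityError:
        return {"success": False, "message": "用户名或邮箱已存在"}

    return _auth_payload(user, "注册成功")


@auth_router.post("/login")
def login(
    request,
    username: str = Form(...),
    password: str = Form(...),
):
    """Authenticate by username or email and return a token pair.

    Unknown identifiers and wrong passwords produce the same message. The
    inactive-account message is only reached after the password has verified.
    """
    # NOTE(review): no attempt throttling or lockout is visible in this
    # module. Confirm it is enforced upstream (gateway or middleware).
    user = User.objects.filter(Q(username=username) | Q(email=username)).first()

    if user is None:
        # Run the password hasher once anyway, as Django's ModelBackend does,
        # so an unknown identifier is not distinguishable by response time.
        User().set_password(password)
        return {"success": False, "message": "用户名或密码错误"}

    if not user.check_password(password):
        return {"success": False, "message": "用户名或密码错误"}

    if not user.is_active:
        return {"success": False, "message": "账号未激活"}

    return _auth_payload(user, "登录成功")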