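# /opt/docker/dev/service_finder/backend/app/services/auth_service.py
from datetime import datetime, timezone, timedelta
from typing import Optional, Dict, Any
import logging

from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select, and_, text

from app.models.identity import User, Person, Wallet, UserRole
from app.models.organization import Organization, OrgType
from app.models.vehicle import OrganizationMember
from app.schemas.auth import UserRegister
from app.core.security import get_password_hash, create_access_token
from app.services.email_manager import email_manager

logger = logging.getLogger(__name__)


class AuthService:
    """Registration-related helpers built on an async SQLAlchemy session."""

    @staticmethod
    async def get_setting(db: AsyncSession, key: str, default: Any = None) -> Any:
        """Fetch a value that can be adjusted from the admin interface.

        Args:
            db: Session used to query ``data.system_settings``.
            key: Setting name; passed as a bound parameter, never interpolated.
            default: Value returned when the row is missing, NULL, or the
                lookup fails.

        Returns:
            The stored value, or ``default``.
        """
        try:
            stmt = text("SELECT value FROM data.system_settings WHERE key = :key")
            result = await db.execute(stmt, {"key": key})
            val = result.scalar()
            return val if val is not None else default
        except Exception:
            # Best effort by design: a broken settings lookup must not block
            # the caller. The failure is logged so it no longer goes unnoticed.
            # NOTE(review): on some databases a failed statement leaves the
            # enclosing transaction unusable; confirm whether this lookup
            # needs its own savepoint when called mid-transaction.
            logger.warning(
                "Could not read system setting %r; using default", key, exc_info=True
            )
            return default

    @staticmethod
    async def register_new_user(
        db: AsyncSession, user_in: UserRegister, ip_address: str
    ) -> User:
        """Run the master registration flow v1.3 (full integration).

        Creates the person, user, wallet and private fleet records, writes an
        audit log row, sends the welcome email and commits. Any failure rolls
        the whole transaction back and is re-raised.

        Args:
            db: Session in which all records are created and committed.
            user_in: Registration payload.
            ip_address: Client address recorded in the audit log.

        Returns:
            The newly created user, refreshed after commit.

        Raises:
            Exception: Whatever the failing step raised, after rollback.
        """
        try:
            # 1. KYC data (bank-grade record keeping).
            # NOTE(review): document numbers are stored exactly as submitted;
            # confirm the identity_docs column is protected at rest.
            kyc_data = {
                "id_card": {
                    "number": user_in.id_card_number,
                    "expiry": str(user_in.id_card_expiry) if user_in.id_card_expiry else None,
                },
                "driver_license": {
                    "number": user_in.driver_license_number,
                    "expiry": (
                        str(user_in.driver_license_expiry)
                        if user_in.driver_license_expiry
                        else None
                    ),
                    "categories": user_in.driver_license_categories,
                },
                "special_licenses": {
                    "boat": user_in.boat_license_number,
                    "pilot": user_in.pilot_license_number,
                },
            }

            # 2. Create the person (basis of the "digital twin").
            new_person = Person(
                first_name=user_in.first_name,
                last_name=user_in.last_name,
                mothers_name=user_in.mothers_name,
                birth_place=user_in.birth_place,
                birth_date=user_in.birth_date,
                identity_docs=kyc_data,
            )
            db.add(new_person)
            await db.flush()  # new_person.id is needed for the user row

            # 3. Create the user (hybrid auth: password and/or social login).
            # NOTE(review): with neither a password nor a social provider the
            # account is still created active with no credential; presumably
            # the UserRegister schema rejects that case - confirm.
            hashed_pwd = get_password_hash(user_in.password) if user_in.password else None
            new_user = User(
                email=user_in.email,
                hashed_password=hashed_pwd,
                social_provider=user_in.social_provider,
                social_id=user_in.social_id,
                person_id=new_person.id,
                role=UserRole.USER,
                region_code=user_in.region_code,
                is_active=True,
            )
            db.add(new_user)
            await db.flush()  # new_user.id is needed by the rows below

            # 4. Economy: wallet and referral snapshot.
            # The commission level (e.g. 10%) is read from the admin settings.
            # NOTE(review): the value is read but not applied anywhere in this
            # function yet.
            l1_commission = await AuthService.get_setting(db, "referral.level1", 10)
            db.add(Wallet(user_id=new_user.id, coin_balance=0.00, xp_balance=0))

            # 5. Fleet: automatic private fleet (not transferable).
            new_org = Organization(
                name=f"{user_in.last_name} {user_in.first_name} Private Fleet",
                org_type=OrgType.INDIVIDUAL,
                owner_id=new_user.id,
                is_transferable=False,
            )
            db.add(new_org)
            await db.flush()

            # Record ownership of the user's own fleet.
            db.add(
                OrganizationMember(
                    organization_id=new_org.id, user_id=new_user.id, role="owner"
                )
            )

            # 6. Invitation handling (joining another company).
            if user_in.invite_token:
                # Simplified placeholder: the token should be looked up in an
                # 'invitations' table and the resulting organization and role
                # used to add an OrganizationMember row for new_user.
                # The token value is a credential, so it is deliberately kept
                # out of the log; only the fact that one was supplied is noted.
                logger.info("Processing invite token for user_id=%s", new_user.id)

            # 7. Audit log (every step is traceable).
            audit_stmt = text("""
                INSERT INTO data.audit_logs (user_id, action, endpoint, method, ip_address, created_at)
                VALUES (:uid, 'USER_REGISTERED_COMPLETE_V1.3', '/api/v1/auth/register', 'POST', :ip, :now)
            """)
            await db.execute(
                audit_stmt,
                {
                    "uid": new_user.id,
                    "ip": ip_address,
                    "now": datetime.now(timezone.utc),
                },
            )

            # 8. Reward (based on the admin setting).
            reward_days = await AuthService.get_setting(db, "auth.reward_days", 14)

            # 9. Send the welcome email; a delivery failure must not abort
            # the registration.
            # NOTE(review): the email goes out before the commit below, so a
            # failed commit leaves a welcome mail for an account that does
            # not exist - confirm this ordering is intended.
            try:
                await email_manager.send_email(
                    recipient=user_in.email,
                    template_key="registration_welcome",
                    variables={
                        "first_name": user_in.first_name,
                        "reward_days": reward_days,
                    },
                    user_id=new_user.id,
                )
            except Exception as e:
                logger.warning("Email delivery skipped during reg: %s", e)

            await db.commit()
            await db.refresh(new_user)
            return new_user

        except Exception as e:
            await db.rollback()
            # NOTE(review): database exceptions can embed the statement
            # parameters (KYC fields, password hash) in their message; confirm
            # the engine is configured to hide them (SQLAlchemy's
            # hide_parameters option) before relying on this log line.
            logger.exception("Critical error in register_new_user: %s", e)
            raise  # bare raise keeps the original traceback

    @staticmethod
    async def check_email_availability(db: AsyncSession, email: str) -> bool:
        """Report whether no non-deleted user currently holds ``email``.

        Args:
            db: Session used for the lookup.
            email: Address to check, compared exactly as given.

        Returns:
            True when no matching non-deleted user exists.

        NOTE(review): this check alone cannot prevent duplicates when two
        registrations run concurrently; presumably a unique constraint on the
        email column backs it - confirm. scalar_one_or_none() raises if more
        than one row matches.
        """
        # "== False" is required here: it builds a SQL expression.
        query = select(User).where(
            and_(User.email == email, User.is_deleted == False)  # noqa: E712
        )
        result = await db.execute(query)
        return result.scalar_one_or_none() is None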