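from datetime import datetime, timedelta, timezone

import jwt
from flask import jsonify, request
from mysql.connector import connect
from werkzeug.security import check_password_hash

from auth.token import SECRET_KEY
from util.db_config import load_config
from util.logger import logger


def _safe_for_log(value):
    """Return *value* as text with CR/LF escaped.

    The username comes straight from the request body; escaping line breaks
    keeps a crafted value from starting a forged log line.
    """
    return str(value).replace("\r", "\\r").replace("\n", "\\n")


def _fetch_user(username):
    """Look up one user row by username, always releasing the DB handles.

    Returns the row as a dict (``dictionary=True`` cursor) or ``None`` when
    no row matches. Any database error propagates to the caller.
    """
    conn = connect(**load_config())
    try:
        cursor = conn.cursor(dictionary=True)
        try:
            # Parameterized query; only the columns this handler reads are
            # selected, so unrelated columns never leave the database.
            cursor.execute(
                "SELECT username, password, role FROM users WHERE username = %s",
                (username,),
            )
            return cursor.fetchone()
        finally:
            cursor.close()
    finally:
        # Closed on every path, including a failed execute/fetch, so a
        # run of errors cannot exhaust connections.
        conn.close()


def login_route():
    """Authenticate a username/password JSON body and issue an HS256 JWT.

    Returns:
        200 with ``{"token", "role"}`` when the password matches the stored
        hash; 400 when the body is not a JSON object with string
        ``username`` and ``password``; 401 with a generic message when the
        credentials do not match; 500 when ``SECRET_KEY`` is unset or an
        unexpected error occurs.
    """
    # Refuse to sign tokens with an empty key.
    if not SECRET_KEY:
        logger.error("Login blocked: SECRET_KEY is not configured.")
        return jsonify({"message": "Server misconfigured"}), 500

    # silent=True yields None for a missing or malformed JSON body instead of
    # raising, so the shape check below handles every bad-input case.
    data = request.get_json(silent=True)
    if not isinstance(data, dict):
        return jsonify({"message": "Invalid request"}), 400

    username = data.get('username')
    password = data.get('password')
    # Non-string values would otherwise raise inside check_password_hash and
    # surface as a 500 rather than a client error.
    if not isinstance(username, str) or not isinstance(password, str):
        return jsonify({"message": "Invalid request"}), 400

    log_name = _safe_for_log(username)

    try:
        user = _fetch_user(username)

        # NOTE(review): when no row is found the hash check is skipped, so
        # unknown usernames answer faster than known ones. Consider verifying
        # against a fixed dummy hash, and confirm rate limiting / lockout is
        # enforced in front of this route.
        if user and check_password_hash(user['password'], password):
            logger.info(f"✅ Login successful: {log_name}")
            payload = {
                "username": user['username'],
                "role": user['role'],
                # Timezone-aware UTC expiry, 60 minutes from now.
                "exp": datetime.now(timezone.utc) + timedelta(minutes=60),
            }
            token = jwt.encode(payload, SECRET_KEY, algorithm="HS256")
            return jsonify({
                "token": token,
                "role": user['role'],
            })

        # Same message for unknown user and wrong password, so the response
        # body does not reveal which usernames exist.
        logger.warning(f"⛔ Login failed: {log_name}")
        return jsonify({"message": "Login failed"}), 401

    except Exception as e:
        # Details stay in the server log; the client gets a generic message.
        logger.error(f"[Login Error] {e}")
        return jsonify({"message": "Server error"}), 500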