# HTTP routes for "need requests": create, list, fetch, update and delete.
#
# Handlers are documented with comments rather than docstrings because FastAPI
# copies a handler's docstring into the generated OpenAPI description, and the
# review notes below are not meant for API consumers.
from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from services.need_request_service import NeedRequestService
from models.schemas import NeedRequestCreate, NeedRequestUpdate
from config.database import get_db
from services.auth_service import AuthService

router = APIRouter()

# OAuth2 configuration. As a dependency this only extracts the bearer token
# from the Authorization header; it does not validate the token. Validation is
# presumably done by NeedRequestService.verify_requester_or_admin -- confirm.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/v1/auth/token")

_NOT_FOUND_DETAIL = "Need request not found"


async def _fetch_need_or_404(need_id: int, db):
    # Load one need request, raising HTTP 404 when the service returns a falsy
    # result. Called inside the caller's `async with get_db()` block, so the
    # exception still propagates through the database context manager.
    found = await NeedRequestService.get_need(need_id, db)
    if found:
        return found
    raise HTTPException(
        status_code=status.HTTP_404_NOT_FOUND,
        detail=_NOT_FOUND_DETAIL,
    )


# Create a need request. No token dependency is declared on this route.
@router.post("/", status_code=status.HTTP_201_CREATED)
async def request_need(need: NeedRequestCreate):
    async with get_db() as session:
        created = await NeedRequestService.create_need(need, session)
        return created


# List every need request. No token dependency is declared on this route.
@router.get("/", status_code=status.HTTP_200_OK)
async def get_all_reports():
    async with get_db() as session:
        needs = await NeedRequestService.get_all_needs(session)
        return needs


# Fetch one need request by id; 404 when it does not exist.
@router.get("/{need_id}", status_code=status.HTTP_200_OK)
async def get_need(need_id: int):
    async with get_db() as session:
        return await _fetch_need_or_404(need_id, session)


# Update a need request. Requires a bearer token; 404 when the need does not
# exist, 403 when the permission check below trips.
@router.put("/{need_id}", status_code=status.HTTP_200_OK)
async def update_need(
    need_id: int,
    need_update: NeedRequestUpdate,
    token: str = Depends(oauth2_scheme),
):
    async with get_db() as session:
        await _fetch_need_or_404(need_id, session)

        # Checks whether the caller is the author or an administrator.
        # NOTE(review): a *truthy* result raises 403, and the call is not
        # awaited although every other NeedRequestService call here is.
        # If the helper is a coroutine function, the un-awaited coroutine
        # object is always truthy and every caller gets 403. If it returns
        # True for an authorised caller, the condition is inverted and
        # unauthorised callers pass. Confirm the helper's contract; the
        # intended form is likely
        # `if not await NeedRequestService.verify_requester_or_admin(...)`.
        flagged = NeedRequestService.verify_requester_or_admin(need_id, token, session)
        if flagged:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You do not have permission to update this need request",
            )

        return await NeedRequestService.update_need(need_id, need_update, session)


# Delete a need request. Requires a bearer token; 404 when the need does not
# exist, 403 when the permission check below trips.
@router.delete("/{need_id}", status_code=status.HTTP_200_OK)
async def delete_need(
    need_id: int,
    token: str = Depends(oauth2_scheme),
):
    async with get_db() as session:
        await _fetch_need_or_404(need_id, session)

        # Checks whether the caller is the author or an administrator.
        # NOTE(review): same pattern as update_need -- a truthy, un-awaited
        # result from verify_requester_or_admin raises 403. Confirm whether
        # the helper is async and which return value means "authorised"
        # before relying on this as the access-control gate for deletion.
        flagged = NeedRequestService.verify_requester_or_admin(need_id, token, session)
        if flagged:
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You do not have permission to delete this need request",
            )

        return await NeedRequestService.delete_need(need_id, session)