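from sqladmin.authentication import AuthenticationBackend
from sqlalchemy import select
from sqlalchemy.orm import Session
from starlette.requests import Request

from app.core.security import verify_password
from app.db.session import sync_engine
from app.models.user import User


class AdminAuthBackend(AuthenticationBackend):
    """Session-based authentication backend for the sqladmin interface.

    A user is looked up by phone or e-mail, must hold one of the roles in
    ``_ADMIN_ROLES`` and must pass ``verify_password``. On success the
    user's id is stored in the request session under ``admin_user_id``;
    ``authenticate`` re-reads the user on every call, so a deleted user
    or a revoked role takes effect on the next request.

    NOTE(review): every database call here uses a ``Session`` bound to
    ``sync_engine`` inside an ``async def``. If that engine is synchronous
    (as the name suggests), the query runs on the event-loop thread.
    NOTE(review): no throttling or lockout of failed logins is visible in
    this class; confirm it is enforced elsewhere (middleware or proxy).
    """

    # Roles allowed into the admin interface; shared by login and
    # authenticate so the two checks cannot drift apart.
    _ADMIN_ROLES = ("admin", "moderator")

    async def login(self, request: Request) -> bool:
        """Validate the submitted credentials and open an admin session.

        Args:
            request: Incoming request carrying the ``username`` and
                ``password`` form fields.

        Returns:
            True when the credentials belong to exactly one user with an
            admin role, False in every other case.
        """
        form = await request.form()
        username = form.get("username", "")
        password = form.get("password", "")

        # A multipart submission can deliver a field as an upload object
        # instead of text. Reject that, and reject empty values, before
        # anything reaches the database or the password check.
        if not isinstance(username, str) or not isinstance(password, str):
            return False
        if not username or not password:
            return False

        lookup = (
            select(User)
            .where((User.phone == username) | (User.email == username))
            .limit(2)
        )
        with Session(sync_engine) as session:
            matches = session.execute(lookup).scalars().all()

            # The identifier is compared against two columns, so one value
            # can match two different rows. Fail closed on an ambiguous
            # match instead of letting the lookup raise.
            if len(matches) != 1:
                return False
            user = matches[0]

            # NOTE(review): the early returns above and below skip
            # verify_password, so an unknown identifier or a non-admin
            # account may respond faster than a wrong password. Verifying
            # against a fixed dummy hash on those paths would even this
            # out; the hash scheme is not visible from this file.
            if user.role not in self._ADMIN_ROLES:
                return False
            if not verify_password(password, user.password_hash):
                return False

            # Drop anything stored before authentication so the admin
            # session starts from a clean state.
            request.session.clear()
            request.session.update({"admin_user_id": user.id})
            return True

    async def logout(self, request: Request) -> bool:
        """Clear the whole session and report success."""
        request.session.clear()
        return True

    async def authenticate(self, request: Request) -> bool:
        """Check that the session still belongs to a user with an admin role.

        Args:
            request: Incoming request whose session may hold
                ``admin_user_id``.

        Returns:
            True when the stored id resolves to an existing user whose
            role is in ``_ADMIN_ROLES``, False otherwise.
        """
        user_id = request.session.get("admin_user_id")
        if not user_id:
            return False

        with Session(sync_engine) as session:
            user = session.execute(
                select(User).where(User.id == user_id)
            ).scalar_one_or_none()
            # Re-check the role on every request: the session only stores
            # the id, so a role change must be read back from the database.
            if not user or user.role not in self._ADMIN_ROLES:
                return False
            return True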