# auth/schemas/auth_routes.py
"""HTTP routes for the ``auth`` blueprint.

Every view in this module is a thin pass-through to the matching function in
``auth_controller``.  Request parsing, credential checks, JWT validation and
the manager-only role checks are all expected to live there -- nothing in
this file inspects the request or the caller's identity.
"""
from flask import Blueprint, jsonify  # jsonify is not used in this module

from .auth_controller import (
    delete_user,
    get_user_info,
    login,
    register,
    update_user_info,
)

# Every route below is attached to this blueprint; the application mounts it
# (with whatever URL prefix it chooses) via app.register_blueprint(auth_bp).
auth_bp = Blueprint('auth', __name__)


def register_user():
    """Create a new account.  POST /register

    Expected JSON body::

        {"username": "user1", "password": "password123", "role": "user"}

    ``role`` is optional and defaults to ``"user"``.

    Returns:
        201 with a success message and the new user's ID; 400 when the user
        already exists or the payload is invalid.  Both outcomes are decided
        by the controller -- this view performs no validation of its own.

    NOTE(review): accepting a client-supplied ``role`` on self-registration is
    a privilege-escalation path unless the controller ignores or restricts it
    (e.g. refuses ``"manager"`` from an unauthenticated caller) -- confirm.
    """
    return register()


def login_user():
    """Authenticate a user and issue a JWT.  POST /login

    Expected JSON body::

        {"username": "user1", "password": "password123"}

    Returns:
        200 with a JWT on success; 401 when the password is wrong; 404 when
        the username is unknown.

    NOTE(review): answering 404 for an unknown username and 401 for a bad
    password lets a caller enumerate valid accounts.  A single 401 for both
    cases is the safer contract; that change belongs in the controller.
    """
    return login()


def get_user_details():
    """Return the authenticated caller's own record.  GET /user-info

    The JWT must be sent in the ``x-access-token`` header; the controller is
    responsible for validating it.

    Returns:
        200 with username, role and creation date; 401 when the token is
        missing or invalid.
    """
    return get_user_info()


def update_user():
    """Change a user's username and/or role.  PUT /update-user

    Manager-only.  Expected JSON body::

        {
            "user_id": "<the user's MongoDB ObjectId>",
            "username": "newUsername",   # optional
            "role": "manager"            # optional: "user" or "manager"
        }

    The JWT goes in the ``x-access-token`` header.

    Returns:
        200 on success; 403 when the caller is not a manager; 404 when
        ``user_id`` does not match a user.

    NOTE(review): the manager check is not performed here -- it has to be
    enforced inside ``update_user_info``.  This wrapper forwards every
    request, authenticated or not, unchanged.
    """
    return update_user_info()


def remove_user():
    """Delete a user.  DELETE /delete-user

    Manager-only.  Expected JSON body::

        {"user_id": "<the user's MongoDB ObjectId>"}

    The JWT goes in the ``x-access-token`` header.

    Returns:
        200 on success; 403 when the caller is not a manager; 404 when
        ``user_id`` does not match a user.

    NOTE(review): as with /update-user, authorization lives in the controller,
    not in this route.  A JSON body on DELETE is legal but some proxies and
    HTTP clients drop it; if that bites, a path parameter
    (``/delete-user/<user_id>``) is the usual alternative.
    """
    return delete_user()


# Endpoint names are passed explicitly so that url_for('auth.<name>') resolves
# to the same names the decorator form (which uses the function name) yields.
auth_bp.add_url_rule('/register', endpoint='register_user',
                     view_func=register_user, methods=['POST'])
auth_bp.add_url_rule('/login', endpoint='login_user',
                     view_func=login_user, methods=['POST'])
auth_bp.add_url_rule('/user-info', endpoint='get_user_details',
                     view_func=get_user_details, methods=['GET'])
auth_bp.add_url_rule('/update-user', endpoint='update_user',
                     view_func=update_user, methods=['PUT'])
auth_bp.add_url_rule('/delete-user', endpoint='remove_user',
                     view_func=remove_user, methods=['DELETE'])