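import hmac
from datetime import timedelta

from fastapi import APIRouter, Depends, HTTPException
from fastapi.responses import JSONResponse

from core.auth import create_access_token, create_refresh_token
from core.database import fake_users_db

router = APIRouter()

# Cookie lifetimes in seconds; values unchanged from the original handler.
_ACCESS_COOKIE_TTL = 1800  # 30 minutes
_REFRESH_COOKIE_TTL = 604800  # 7 days


# NOTE(review): the original signature also declared
# `db: Session = Depends(get_db)`. Neither `Session` nor `get_db` is imported
# in this file, so the module raised NameError at import time, and the handler
# never used `db`. The parameter is dropped here; reintroduce it together with
# the matching imports once the handler actually needs a database session.
@router.post("/login-user")
async def login_user_handler(username: str, password: str):
    """Authenticate a user and set access, refresh and session cookies.

    Args:
        username: Key looked up in ``fake_users_db``.
        password: Candidate password, compared with the stored value.

    Returns:
        A ``JSONResponse`` with the user's id and name, carrying the
        ``access_token``, ``refresh_token`` and ``session_id`` cookies.

    Raises:
        HTTPException: 400 with a generic message when the user is unknown
            or the password does not match.
    """
    # NOTE(review): bare `str` parameters on a FastAPI route are read from the
    # query string, so the password travels in the URL and tends to land in
    # access logs, proxy logs and browser history. Moving both fields to the
    # request body changes the client contract, so it is only flagged here.
    user = fake_users_db.get(username)

    # NOTE(review): the stored value is compared as-is, which implies that
    # fake_users_db keeps plaintext passwords. A real store should keep a
    # salted password hash and verify against that.
    stored_password = user["password"] if user else None

    # Constant-time comparison on bytes: compare_digest rejects non-ASCII str,
    # and a non-str stored value can never match (same outcome as the old `!=`).
    password_ok = isinstance(stored_password, str) and hmac.compare_digest(
        stored_password.encode("utf-8"), password.encode("utf-8")
    )
    if not user or not password_ok:
        # Same message for "no such user" and "wrong password", so the
        # response body does not reveal which usernames exist.
        raise HTTPException(status_code=400, detail="Invalid credentials")

    user_id = user["id"]
    access_token = create_access_token(user_id)
    refresh_token = create_refresh_token(user_id)

    response = JSONResponse(
        {
            "message": "Login successful",
            "user_id": user_id,
            "username": username,
        }
    )

    # NOTE(review): session_id carries the raw user id, which is a guessable
    # value. If anything downstream treats this cookie as proof of identity it
    # should be replaced by an unpredictable server-side session token
    # (e.g. secrets.token_urlsafe()) mapped to the user.
    cookies = (
        ("access_token", access_token, _ACCESS_COOKIE_TTL),
        ("refresh_token", refresh_token, _REFRESH_COOKIE_TTL),
        ("session_id", user_id, _REFRESH_COOKIE_TTL),
    )
    for cookie_name, cookie_value, ttl in cookies:
        response.set_cookie(
            key=cookie_name,
            value=cookie_value,
            httponly=True,  # not readable from page scripts
            secure=True,  # never sent over plain HTTP
            samesite="lax",  # explicit, so cross-site POSTs do not carry it
            max_age=ttl,
            expires=ttl,
        )

    return response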