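import hmac
from datetime import timedelta

from fastapi import APIRouter, Depends, HTTPException
from fastapi.responses import JSONResponse

from core.auth import create_access_token, create_refresh_token
from core.database import fake_users_db

router = APIRouter()

# Cookie / token lifetimes advertised to the client.
# NOTE(review): assumed to match the lifetimes that create_access_token and
# create_refresh_token encode into the tokens themselves; confirm in core.auth.
ACCESS_TOKEN_TTL = timedelta(minutes=15)
REFRESH_TOKEN_TTL = timedelta(days=30)


def _seconds(ttl: timedelta) -> int:
    """Return *ttl* as whole seconds, the unit Max-Age and expires_in use."""
    return int(ttl.total_seconds())


# NOTE(review): `Session` and `get_db` are referenced in the signature but are
# not imported anywhere in this file, so the module raises NameError on import
# until they are imported from the project's database layer. `db` is also
# unused in the body.
# NOTE(review): FastAPI reads plain `str` parameters like `username` and
# `password` from the query string, so credentials end up in URLs, access logs
# and proxy logs. Moving them to the request body (fastapi.Form or
# fastapi.Body) changes the client contract, so it is flagged here rather than
# changed silently.
@router.post("/login-user")
async def login_user_handler(
    username: str,
    password: str,
    db: Session = Depends(get_db),
):
    """Authenticate a demo user and issue access and refresh tokens.

    Looks the user up in ``fake_users_db``, checks the supplied password,
    and returns a JSON body carrying both tokens. The same tokens, plus a
    ``session_id`` cookie, are set as HttpOnly, SameSite=Strict, Secure
    cookies.

    Raises:
        HTTPException: status 400 with a generic message when the username
            is unknown or the password does not match. The message is the
            same in both cases so it does not reveal which usernames exist.
    """
    user = fake_users_db.get(username)

    # Constant-time comparison avoids leaking how many leading characters
    # of the password matched.
    # NOTE(review): the stored password is compared as plaintext (demo data).
    # A real user store should keep a salted password hash and verify
    # against that.
    stored_password = user["password"] if user else ""
    password_ok = isinstance(stored_password, str) and hmac.compare_digest(
        stored_password.encode("utf-8"), password.encode("utf-8")
    )
    if not user or not password_ok:
        raise HTTPException(status_code=400, detail="Invalid credentials")

    access_token = create_access_token(data={"sub": user["id"]})
    refresh_token = create_refresh_token(data={"sub": user["id"]})

    # NOTE(review): returning the tokens in the JSON body makes them readable
    # by page scripts, which is what the HttpOnly cookies below are meant to
    # prevent. Confirm whether clients really need both channels.
    response = JSONResponse(
        {
            "message": "Login successful",
            "access_token": access_token,
            "refresh_token": refresh_token,
            "token_type": "bearer",
            # A timedelta is not JSON-serialisable; send whole seconds.
            "expires_in": _seconds(ACCESS_TOKEN_TTL),
        }
    )

    # max_age takes seconds. Passing a timedelta as `expires` produces an
    # invalid Expires attribute. secure=True keeps the browser from sending
    # these cookies over plain HTTP.
    response.set_cookie(
        key="access_token",
        value=access_token,
        httponly=True,
        secure=True,
        samesite="strict",
        max_age=_seconds(ACCESS_TOKEN_TTL),
    )
    response.set_cookie(
        key="refresh_token",
        value=refresh_token,
        httponly=True,
        secure=True,
        samesite="strict",
        max_age=_seconds(REFRESH_TOKEN_TTL),
    )
    # NOTE(review): session_id is the raw user id, which is a guessable value.
    # If any server code treats this cookie as proof of identity, replace it
    # with a random, server-tracked identifier (e.g. secrets.token_urlsafe).
    response.set_cookie(
        key="session_id",
        value=user["id"],
        httponly=True,
        secure=True,
        samesite="strict",
        max_age=_seconds(REFRESH_TOKEN_TTL),
    )
    return response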