import datetime
from fastapi import APIRouter, Depends, HTTPException, Request, status
from sqlalchemy.orm import Session

from app.crud import secret as secret_crud
from app.db.session import get_db
from app.schemas.secret import SecretCreate, SecretCreated, SecretRead

router = APIRouter()


@router.post("/", response_model=SecretCreated, status_code=status.HTTP_201_CREATED)
def create_secret(
    request: Request,
    secret: SecretCreate,
    db: Session = Depends(get_db),
):
    """
    Create a new secret.
    
    Returns an access key that can be used to retrieve the secret once.
    """
    db_secret = secret_crud.create_secret(db=db, secret=secret)
    
    # Generate the full URL for accessing the secret
    base_url = str(request.base_url).rstrip("/")
    secret_url = f"{base_url}/api/v1/secrets/{db_secret.access_key}"
    
    return {
        "access_key": db_secret.access_key,
        "expires_at": db_secret.expires_at,
        "secret_url": secret_url,
    }


@router.get("/{access_key}", response_model=SecretRead)
def read_secret(
    access_key: str,
    db: Session = Depends(get_db),
):
    """
    Retrieve a secret by its access key.
    
    The secret can only be retrieved once and will be deleted after retrieval.
    """
    secret_content = secret_crud.read_and_delete_secret(db=db, access_key=access_key)
    
    if not secret_content:
        raise HTTPException(
            status_code=status.HTTP_404_NOT_FOUND,
            detail="Secret not found or already accessed",
        )
    
    # Since we've deleted the secret, we'll use the current time for demonstration purposes
    return {
        "content": secret_content,
        "created_at": db.query(secret_crud.Secret.created_at).filter(
            secret_crud.Secret.access_key == access_key
        ).scalar() or datetime.datetime.utcnow(),
    }