from fastapi import APIRouter, Depends, HTTPException
from backend.models.models import User
from backend.schemas.user import UserCreate, UserLogin
from backend.database import get_session
from sqlmodel import Session, select
from backend.utils.hashing import hash_password, verify_password

# Router carrying the account endpoints defined in this module (/signup and
# /login). It is created with no prefix, tags or router-level dependencies, so
# any authentication or rate limiting has to come from the app that mounts it.
router = APIRouter()


@router.post("/signup")
def signup(user_data: UserCreate, session: Session = Depends(get_session)):
    """Register a new account and store the hashed password.

    Args:
        user_data: Signup payload; username, email, password and phone_number
            are read from it.
        session: Database session injected through ``get_session``.

    Returns:
        A dict holding a success message.

    Raises:
        HTTPException: 400 when a user with the same email already exists.
    """
    # NOTE(review): the distinct 400 below tells any caller whether an email is
    # registered; rate-limit this route if that disclosure matters.
    email_query = select(User).where(User.email == user_data.email)
    if session.exec(email_query).first():
        raise HTTPException(status_code=400, detail="Email already registered")

    # Only the output of hash_password is persisted, never the submitted password.
    password_digest = hash_password(user_data.password)
    account_fields = {
        "username": user_data.username,
        "email": user_data.email,
        "password": password_digest,
        "phone_number": user_data.phone_number,
        # The role is fixed server-side; the request payload cannot choose it.
        "role": "buyer",
    }
    new_account = User(**account_fields)

    # NOTE(review): the lookup above and this insert are not atomic. Two
    # concurrent signups with the same email can both pass the check. A unique
    # constraint on User.email (not visible here, so confirm) would be what
    # actually enforces uniqueness, and commit() would then raise unhandled.
    session.add(new_account)
    session.commit()
    return {"message": "User created successfully"}


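@router.post("/login")
def login(user_data: UserLogin, session: Session = Depends(get_session)):
    """Check an email/password pair against the stored password hash.

    Args:
        user_data: Login payload; email and password are read from it.
        session: Database session injected through ``get_session``.

    Returns:
        A dict with a success message and the matching user's id.

    Raises:
        HTTPException: 401 with the same detail text whether the email is
            unknown or the password does not match.
    """
    user = session.exec(select(User).where(User.email == user_data.email)).first()
    if user is None:
        # Spend hashing work on the unknown-email path too. Otherwise this
        # branch returns without any password hashing, and response time
        # reveals which emails have accounts even though the error text is the
        # same. The result is discarded on purpose.
        # Assumes hash_password costs roughly what verify_password does and
        # fails on the same inputs; confirm against backend.utils.hashing.
        hash_password(user_data.password)
        raise HTTPException(status_code=401, detail="Invalid credentials")
    if not verify_password(user_data.password, user.password):
        raise HTTPException(status_code=401, detail="Invalid credentials")

    # NOTE(review): no session token or cookie is issued here. The response
    # carries only the user id, so other endpoints must not accept a
    # client-supplied user_id as proof of authentication.
    return {"message": "Login successful", "user_id": user.id}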