from __future__ import annotations

import uuid

from sqlalchemy.ext.asyncio import AsyncSession

from cpv3.infrastructure.security import hash_password, verify_password
from cpv3.modules.users.models import User
from cpv3.modules.users.repository import UserRepository
from cpv3.modules.users.schemas import UserCreate, UserRegister, UserUpdate


class UserService:
    """Service for user business logic and orchestration."""

    def __init__(self, session: AsyncSession) -> None:
        self._repo = UserRepository(session)

    async def get_user_by_id(self, user_id: uuid.UUID) -> User | None:
        return await self._repo.get_by_id(user_id)

    async def get_user_by_username(self, username: str) -> User | None:
        return await self._repo.get_by_username(username)

    async def list_users(self, *, requester: User) -> list[User]:
        return await self._repo.list_all(requester=requester)

    async def create_user(self, data: UserCreate, *, requester: User | None) -> User:
        # Keep Django behavior: any authenticated user can create via this endpoint.
        if requester is None:
            raise ValueError("Требуется авторизация")
        return await self._repo.create(data=data)

    async def register_user(self, data: UserRegister) -> User:
        return await self._repo.create(data=data)

    async def update_user(self, user: User, data: UserUpdate) -> User:
        return await self._repo.update(user, data)

    async def deactivate_user(self, user: User) -> None:
        await self._repo.deactivate(user)

    async def change_password(self, user: User, current_password: str, new_password: str) -> None:
        if not verify_password(current_password, user.password_hash):
            raise ValueError("Текущий пароль неверен")
        new_hash = hash_password(new_password)
        await self._repo.update_password(user, new_hash)

    async def authenticate(self, username: str, password: str) -> User | None:
        user = await self._repo.get_by_username(username)
        if user is None:
            return None
        if not user.is_active:
            return None
        if not verify_password(password, user.password_hash):
            return None
        return user


# Legacy function exports for backward compatibility
async def get_user_by_id(session: AsyncSession, user_id: uuid.UUID) -> User | None:
    service = UserService(session)
    return await service.get_user_by_id(user_id)


async def get_user_by_username(session: AsyncSession, username: str) -> User | None:
    service = UserService(session)
    return await service.get_user_by_username(username)


async def list_users(session: AsyncSession, *, requester: User) -> list[User]:
    service = UserService(session)
    return await service.list_users(requester=requester)


async def create_user(session: AsyncSession, data: UserCreate, *, requester: User | None) -> User:
    service = UserService(session)
    return await service.create_user(data, requester=requester)


async def register_user(session: AsyncSession, data: UserRegister) -> User:
    service = UserService(session)
    return await service.register_user(data)


async def update_user(session: AsyncSession, user: User, data: UserUpdate) -> User:
    service = UserService(session)
    return await service.update_user(user, data)


async def deactivate_user(session: AsyncSession, user: User) -> None:
    service = UserService(session)
    await service.deactivate_user(user)


async def change_password(
    session: AsyncSession, user: User, current_password: str, new_password: str
) -> None:
    service = UserService(session)
    await service.change_password(user, current_password, new_password)


async def authenticate(session: AsyncSession, username: str, password: str) -> User | None:
    service = UserService(session)
    return await service.authenticate(username, password)