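# app/routes/auth.py
"""
API routes for authentication.
"""
import logging

import bcrypt
from fastapi import APIRouter, Depends, HTTPException
from fastapi.security import HTTPBasic, HTTPBasicCredentials

from app.database import db

logger = logging.getLogger(__name__)

router = APIRouter()
security = HTTPBasic()


def _invalid_credentials() -> HTTPException:
    """Build the single 401 response used for every failed login.

    The same status, detail and header are returned whether the username
    is unknown or the password is wrong, so the response body does not
    reveal which of the two checks failed.
    """
    return HTTPException(
        status_code=401,
        detail="Invalid credentials",
        headers={"WWW-Authenticate": "Basic"},
    )


@router.post("/login")
async def login(credentials: HTTPBasicCredentials = Depends(security)):
    """Authenticate a manager from HTTP Basic credentials.

    Looks up an active manager by username with a parameterized query and
    verifies the supplied password against the stored bcrypt hash.

    Returns:
        A dict with ``manager_id``, ``username``, ``full_name`` and
        ``authenticated: True`` on success.

    Raises:
        HTTPException: 401 when the username is unknown/inactive or the
            password does not match; 500 (with a generic message) when an
            unexpected error occurs.
    """
    try:
        result = db.execute_query(
            "SELECT manager_id, username, password_hash, full_name FROM managers WHERE username = %s AND is_active = TRUE",
            (credentials.username,)
        )

        if not result:
            # NOTE(review): this path skips the bcrypt comparison, so it
            # returns faster than the wrong-password path; that timing
            # difference can let a client tell existing usernames from
            # unknown ones. Consider making both paths cost the same.
            raise _invalid_credentials()

        manager = dict(result[0])
        stored_hash = manager['password_hash']
        # bcrypt.checkpw needs bytes; accept a hash the driver returned
        # either as text or already as bytes.
        if isinstance(stored_hash, str):
            stored_hash = stored_hash.encode('utf-8')

        # Password check
        if not bcrypt.checkpw(credentials.password.encode('utf-8'), stored_hash):
            raise _invalid_credentials()

        return {
            "manager_id": manager['manager_id'],
            "username": manager['username'],
            "full_name": manager['full_name'],
            "authenticated": True
        }
    except HTTPException:
        # HTTPException is a subclass of Exception: without this clause the
        # 401 raised above would be caught below and turned into a 500.
        raise
    except Exception:
        # Keep the details (driver errors, SQL text, hash parsing errors)
        # in the server log and return a generic message to the client.
        logger.exception("Unexpected error during login")
        raise HTTPException(status_code=500, detail="Internal server error")


@router.get("/verify")
async def verify_token():
    """Report token validity.

    NOTE(review): this handler declares no dependency and inspects no
    token or credential; it returns ``{"verified": True}`` for every
    request. Callers must not treat the response as proof of
    authentication until a real check is added here.
    """
    return {"verified": True}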