"""Profile routes for user self-service operations."""
from flask import Blueprint, request, jsonify, g
from app import limiter
from app.utils import jwt_required, validate_request_body
from app.services.profile import (
    get_own_profile,
    update_profile,
    update_profile_image,
    change_password,
    delete_own_account,
    get_user_public
)

# Create profile blueprint
profile_bp = Blueprint('profile', __name__, url_prefix='/profile')


@profile_bp.route('', methods=['GET'])
@limiter.limit("100 per hour")
@jwt_required
def get_profile():
    """
    Get authenticated user's full private profile.
    
    Returns:
        200: Profile data
        401: Unauthorized
    """
    user_id = g.current_user.id
    
    result = get_own_profile(user_id)
    
    status_code = 200 if result['success'] else 400
    return jsonify(result), status_code


@profile_bp.route('', methods=['PUT'])
@limiter.limit("50 per hour")
@jwt_required
def update_user_profile():
    """
    Update authenticated user's profile information.
    
    Allowed fields:
    - first_name, last_name
    - phone_number
    - date_of_birth (ISO format)
    - address, city, country
    
    Returns:
        200: Updated profile
        400: Validation error
        401: Unauthorized
    """
    data = request.get_json()
    
    if not data:
        return jsonify({
            'success': False,
            'message': 'No data provided',
            'data': None
        }), 400
    
    # Only allow specific fields to be updated
    allowed_fields = [
        'first_name', 'last_name', 'phone_number', 
        'date_of_birth', 'address', 'city', 'country'
    ]
    
    # Filter out any fields not in allowed list
    update_data = {k: v for k, v in data.items() if k in allowed_fields}
    
    if not update_data:
        return jsonify({
            'success': False,
            'message': 'No valid fields provided for update',
            'data': None
        }), 400
    
    user_id = g.current_user.id
    
    result = update_profile(user_id, update_data)
    
    status_code = 200 if result['success'] else 400
    return jsonify(result), status_code


@profile_bp.route('/image', methods=['PUT'])
@limiter.limit("20 per hour")
@jwt_required
def update_user_profile_image():
    """
    Update authenticated user's profile image.
    
    Expects multipart/form-data with 'image' file.
    
    Allowed extensions: jpg, jpeg, png, webp
    
    Returns:
        200: Updated profile image URL
        400: Validation error
        401: Unauthorized
    """
    # Check if file is in request
    if 'image' not in request.files:
        return jsonify({
            'success': False,
            'message': 'No image file provided',
            'data': None
        }), 400
    
    image_file = request.files['image']
    
    # Check if filename is empty
    if image_file.filename == '':
        return jsonify({
            'success': False,
            'message': 'No image file selected',
            'data': None
        }), 400
    
    user_id = g.current_user.id
    
    result = update_profile_image(user_id, image_file)
    
    status_code = 200 if result['success'] else 400
    return jsonify(result), status_code


@profile_bp.route('/password', methods=['PUT'])
@limiter.limit("10 per hour")
@jwt_required
def change_user_password():
    """
    Change authenticated user's password.
    
    Required fields:
    - current_password: Current password for verification
    - new_password: New password (must meet strength requirements)
    
    Returns:
        200: Password changed successfully
        400: Validation error
        401: Unauthorized
    """
    data = request.get_json()
    
    required_fields = ['current_password', 'new_password']
    is_valid, error_response = validate_request_body(data, required_fields)
    if not is_valid:
        return error_response
    
    user_id = g.current_user.id
    current_password = data['current_password']
    new_password = data['new_password']
    
    result = change_password(user_id, current_password, new_password)
    
    status_code = 200 if result['success'] else 400
    return jsonify(result), status_code


@profile_bp.route('', methods=['DELETE'])
@limiter.limit("5 per hour")
@jwt_required
def delete_account():
    """
    Delete (deactivate) authenticated user's account.
    
    This is a soft delete - sets is_active=False.
    The account can be reactivated by an admin.
    
    Returns:
        200: Account deactivated
        400: Error
        401: Unauthorized
    """
    user_id = g.current_user.id
    
    result = delete_own_account(user_id)
    
    status_code = 200 if result['success'] else 400
    return jsonify(result), status_code


# Public user profile endpoint (for viewing owners on listings)
@profile_bp.route('/users/<user_id>/public', methods=['GET'])
@limiter.limit("100 per hour")
def get_public_user_profile(user_id):
    """
    Get public user profile by ID.
    
    Used for displaying owner information on property listings.
    Returns limited public information only.
    
    Args:
        user_id: User ID to fetch
    
    Returns:
        200: Public profile data
        404: User not found
    """
    result = get_user_public(user_id)
    
    status_code = 200 if result['success'] else 404
    return jsonify(result), status_code