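from flask import Blueprint, request, redirect, url_for, flash, render_template
from flask_login import login_user, logout_user
from app.models.users import User
from datetime import datetime, timedelta
from app.models import db
import re
import sys

auth = Blueprint('auth', __name__)

# Lockout policy applied by login(): after MAX_FAILED_ATTEMPTS consecutive
# failures the account is refused for LOCKOUT_MINUTES, counted from the most
# recent failed attempt.
MAX_FAILED_ATTEMPTS = 10
LOCKOUT_MINUTES = 10

# Server-side validation rules used by signup().  The anchors are redundant
# under re.fullmatch() but are kept so the patterns read the same as before.
EMAIL_REGEX = r'^[a-zA-Z][a-zA-Z0-9._-]*@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$'
PASSWORD_REGEX = r'^(?=.*[0-9])(?=.*[!@#$%^&*])[a-zA-Z0-9!@#$%^&*]{8,}$'

# One message for both "unknown user" and "wrong password" so the response
# does not reveal which usernames exist.
INVALID_CREDENTIALS_MSG = 'Invalid username or password.'


def _authenticate(username, password):
    """Return the User whose username and stored password match, else None.

    Does not apply the lockout policy; login() does that itself.

    NOTE(review): ``user.password`` is compared directly with the submitted
    value, which suggests the model stores passwords unhashed — confirm
    against app.models.users; hashing belongs in the model, not here.
    """
    user = User.query.filter_by(username=username).first()
    # The former print(sys.version) debug statement was removed: it wrote the
    # interpreter version to stdout on every successful authentication.
    if user is not None and user.password == password:
        return user
    return None


def login():
    """Render the login form, or on POST check the submitted credentials.

    Returns the rendered ``login.html`` on GET, on a failed attempt and while
    the account is locked out; on success logs the user in and redirects to
    ``main.wines_route``.

    Side effects: increments ``failed_login_attempts`` / sets
    ``last_failed_login_attempt`` on failure, resets the counter on success,
    and commits either change.
    """
    if request.method != 'POST':
        return render_template('login.html')

    username = request.form.get('username')
    password = request.form.get('password')
    user = User.query.filter_by(username=username).first()
    if user is None:
        flash(INVALID_CREDENTIALS_MSG, 'danger')
        return render_template('login.html')

    # Take the clock once so the lockout check and the timestamp we store
    # agree with each other.
    now = datetime.now()
    attempts = user.failed_login_attempts or 0
    # Guard on the timestamp too: a locked row with no recorded time would
    # otherwise raise on the addition below.
    if attempts >= MAX_FAILED_ATTEMPTS and user.last_failed_login_attempt is not None:
        cooldown_expires = user.last_failed_login_attempt + timedelta(minutes=LOCKOUT_MINUTES)
        if now < cooldown_expires:
            remaining = (cooldown_expires - now).seconds // 60
            flash('You have exceeded the maximum number of failed login attempts. Please try again in {} minutes.'.format(remaining), 'danger')
            return render_template('login.html')

    if user.password == password:
        user.failed_login_attempts = 0
        # The reset must be committed, otherwise the counter silently keeps
        # its old value and the next failure re-locks the account.
        db.session.commit()
        login_user(user)
        return redirect(url_for('main.wines_route'))

    user.failed_login_attempts = attempts + 1
    user.last_failed_login_attempt = now
    db.session.commit()
    flash(INVALID_CREDENTIALS_MSG, 'danger')
    return render_template('login.html')


def logout():
    """End the current session and redirect to the login page."""
    logout_user()
    flash('You have been logged out.', 'info')
    return redirect(url_for('main.login_route'))


def signup():
    """Create an account from the submitted signup form.

    Validates username length, email and password format and the uniqueness
    of username and email; each rejection flashes its reason and redirects
    to ``main.login_route``.  On success the user is persisted and the caller
    is redirected to log in.
    """
    # A missing field arrives as None; treat it as empty so the checks below
    # reject it instead of raising TypeError in len() / re.fullmatch().
    username = request.form.get('username') or ''
    email = request.form.get('email') or ''
    password = request.form.get('password') or ''

    # Server-side validation
    if len(username) < 5:
        flash('Username must be at least 5 characters long', 'danger')
        return redirect(url_for('main.login_route'))

    # fullmatch rather than match: with match(), the trailing '$' would also
    # accept a value that ends in a newline.
    if not re.fullmatch(EMAIL_REGEX, email):
        flash('Please enter a valid email address', 'danger')
        return redirect(url_for('main.login_route'))

    if not re.fullmatch(PASSWORD_REGEX, password):
        flash('Password must be at least 8 characters long and contain a number and a special character', 'danger')
        return redirect(url_for('main.login_route'))

    # Check if username or email already exists
    if User.query.filter_by(username=username).first():
        flash('Username already exists', 'danger')
        return redirect(url_for('main.login_route'))

    if User.query.filter_by(email=email).first():
        flash('Email already exists', 'danger')
        return redirect(url_for('main.login_route'))

    # Create new user
    # NOTE(review): the password is handed to the model as submitted; whether
    # User hashes it before storing is not visible here — confirm, since
    # login() compares user.password directly to the form value.
    new_user = User(username=username, email=email, password=password)
    db.session.add(new_user)
    db.session.commit()

    flash('Account created successfully! Please login.', 'success')
    return redirect(url_for('main.login_route'))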