from __future__ import annotations

import time
from typing import Any

from flask import jsonify, g

from .. import settings
from ..keycloak import admin_client, require_auth, require_account_access
from ..utils import best_effort_post, random_password


def register(app) -> None:
    @app.route("/api/account/overview", methods=["GET"])
    @require_auth
    def account_overview() -> Any:
        ok, resp = require_account_access()
        if not ok:
            return resp

        username = g.keycloak_username
        mailu_username = f"{username}@{settings.MAILU_DOMAIN}" if username else ""

        mailu_status = "ready"
        jellyfin_status = "ready"

        if not admin_client().ready():
            mailu_status = "server not configured"
            jellyfin_status = "server not configured"

        return jsonify(
            {
                "user": {"username": username, "email": g.keycloak_email, "groups": g.keycloak_groups},
                "mailu": {"status": mailu_status, "username": mailu_username},
                "jellyfin": {"status": jellyfin_status, "username": username},
            }
        )

    @app.route("/api/account/mailu/rotate", methods=["POST"])
    @require_auth
    def account_mailu_rotate() -> Any:
        ok, resp = require_account_access()
        if not ok:
            return resp
        if not admin_client().ready():
            return jsonify({"error": "server not configured"}), 503

        username = g.keycloak_username
        if not username:
            return jsonify({"error": "missing username"}), 400

        password = random_password()
        try:
            admin_client().set_user_attribute(username, "mailu_app_password", password)
        except Exception:
            return jsonify({"error": "failed to update mail password"}), 502

        best_effort_post(settings.MAILU_SYNC_URL)
        return jsonify({"password": password})

    @app.route("/api/account/jellyfin/rotate", methods=["POST"])
    @require_auth
    def account_jellyfin_rotate() -> Any:
        ok, resp = require_account_access()
        if not ok:
            return resp
        if not admin_client().ready():
            return jsonify({"error": "server not configured"}), 503

        username = g.keycloak_username
        if not username:
            return jsonify({"error": "missing username"}), 400

        password = random_password()
        try:
            admin_client().set_user_attribute(username, "jellyfin_app_password", password)
        except Exception:
            return jsonify({"error": "failed to update jellyfin password"}), 502

        best_effort_post(settings.JELLYFIN_SYNC_URL)
        return jsonify({"password": password})