"""
=========================================
CV6 AI Trading OS
Authentication API
=========================================
"""

from fastapi import APIRouter, Depends, HTTPException, Request
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session

from app.database.session import get_db
from app.repositories.user_repository import get_user_by_email

from app.schemas.auth_schema import TokenResponse

from app.core.security import verify_password
from app.core.auth import create_access_token
from app.core.rate_limit import check_login_rate_limit

router = APIRouter(
    prefix="/auth",
    tags=["Authentication"]
)


@router.post(
    "/login",
    response_model=TokenResponse
)
def login(
    request: Request,
    form_data: OAuth2PasswordRequestForm = Depends(),
    db: Session = Depends(get_db)
):
    """
    User Login
    """
    # H-1 FIX: same shared rate limiter as /users/login
    client_ip = request.client.host if request.client else "unknown"
    check_login_rate_limit(client_ip)

    user = get_user_by_email(
        db,
        form_data.username
    )

    if not user:
        raise HTTPException(
            status_code=401,
            detail="Invalid email or password"
        )

    if not verify_password(
        form_data.password,
        user.password
    ):
        raise HTTPException(
            status_code=401,
            detail="Invalid email or password"
        )

    token = create_access_token(
        {
            "sub": user.email,
            "user_id": user.id
        }
    )

    return TokenResponse(
        access_token=token
    )