from datetime import UTC, datetime

from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession

from app.api.deps import get_current_telegram_user, log_audit, require_platform_role
from app.db.session import get_session
from app.models.car import AuditLog, ServiceCenter, ServiceCenterVerification, ServiceVisit
from app.models.user import User
from app.schemas.service_center import ServiceCenterRead, ServiceVisitRead

router = APIRouter(prefix="/admin", tags=["admin"])


def require_admin_or_verifier(user: User) -> None:
    require_platform_role(user, {"admin", "verifier", "moderator"})


@router.get("/service-centers/pending", response_model=list[ServiceCenterRead])
async def pending_service_centers(
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> list[ServiceCenter]:
    require_admin_or_verifier(current_user)
    result = await session.execute(
        select(ServiceCenter)
        .where(ServiceCenter.verification_status == "pending")
        .order_by(ServiceCenter.created_at.asc())
    )
    return list(result.scalars())


@router.post("/service-centers/{service_center_id}/verify", response_model=ServiceCenterRead)
async def verify_service_center(
    service_center_id: int,
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> ServiceCenter:
    require_admin_or_verifier(current_user)
    center = await session.get(ServiceCenter, service_center_id)
    if center is None:
        raise HTTPException(status_code=404, detail="Service center not found")
    center.verification_status = "approved"
    center.verified_at = datetime.now(UTC)
    await mark_latest_verification(session, center.id, "approved", current_user.id)
    await log_audit(session, actor=current_user, action="service_center.verify", target_type="service_center", target_id=center.id)
    await session.commit()
    await session.refresh(center)
    return center


@router.post("/service-centers/{service_center_id}/reject", response_model=ServiceCenterRead)
async def reject_service_center(
    service_center_id: int,
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> ServiceCenter:
    require_admin_or_verifier(current_user)
    center = await session.get(ServiceCenter, service_center_id)
    if center is None:
        raise HTTPException(status_code=404, detail="Service center not found")
    center.verification_status = "rejected"
    await mark_latest_verification(session, center.id, "rejected", current_user.id)
    await log_audit(session, actor=current_user, action="service_center.reject", target_type="service_center", target_id=center.id)
    await session.commit()
    await session.refresh(center)
    return center


@router.post("/service-centers/{service_center_id}/suspend", response_model=ServiceCenterRead)
async def suspend_service_center(
    service_center_id: int,
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> ServiceCenter:
    require_platform_role(current_user, {"admin"})
    center = await session.get(ServiceCenter, service_center_id)
    if center is None:
        raise HTTPException(status_code=404, detail="Service center not found")
    center.verification_status = "suspended"
    center.suspended_at = datetime.now(UTC)
    await log_audit(session, actor=current_user, action="service_center.suspend", target_type="service_center", target_id=center.id)
    await session.commit()
    await session.refresh(center)
    return center


@router.get("/audit-log")
async def audit_log(
    limit: int = 100,
    offset: int = 0,
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> list[dict]:
    require_platform_role(current_user, {"admin", "verifier", "moderator"})
    limit = min(max(limit, 1), 200)
    result = await session.execute(
        select(AuditLog).order_by(AuditLog.created_at.desc()).limit(limit).offset(max(offset, 0))
    )
    return [
        {
            "id": item.id,
            "actor_user_id": item.actor_user_id,
            "actor_role": item.actor_role,
            "action": item.action,
            "target_type": item.target_type,
            "target_id": item.target_id,
            "metadata_json": item.metadata_json,
            "created_at": item.created_at,
        }
        for item in result.scalars()
    ]


@router.get("/disputes", response_model=list[ServiceVisitRead])
async def disputes(
    session: AsyncSession = Depends(get_session),
    current_user: User = Depends(get_current_telegram_user),
) -> list[ServiceVisit]:
    require_admin_or_verifier(current_user)
    result = await session.execute(
        select(ServiceVisit).where(ServiceVisit.status == "disputed").order_by(ServiceVisit.updated_at.desc())
    )
    return list(result.scalars())


async def mark_latest_verification(
    session: AsyncSession, service_center_id: int, status: str, reviewed_by: int
) -> None:
    result = await session.execute(
        select(ServiceCenterVerification)
        .where(ServiceCenterVerification.service_center_id == service_center_id)
        .order_by(ServiceCenterVerification.created_at.desc())
        .limit(1)
    )
    verification = result.scalar_one_or_none()
    if verification:
        verification.status = status
        verification.reviewed_by = reviewed_by
        verification.reviewed_at = datetime.now(UTC)