from fastapi import APIRouter, Depends, HTTPException, Form, UploadFile, File
import db
import schemas
import auth_utils
import config
import os
import uuid
import shutil

router = APIRouter(tags=["portfolio"])

@router.get("/portfolio")
async def get_public_portfolio():
    query = """
    SELECT p.id, p.file_path, COALESCE(o.material_name, 'Showcase') as material_name, p.order_id
    FROM order_photos p
    LEFT JOIN orders o ON p.order_id = o.id
    WHERE p.is_public = TRUE AND (o.id IS NULL OR o.allow_portfolio = TRUE)
    ORDER BY p.created_at DESC
    """
    return db.execute_query(query)

@router.post("/admin/orders/{order_id}/photos")
async def admin_upload_order_photo(
    order_id: int, 
    is_public: bool = Form(False),
    file: UploadFile = File(...), 
    token: str = Depends(auth_utils.oauth2_scheme)
):
    payload = auth_utils.decode_token(token)
    if not payload or payload.get("role") != 'admin':
        raise HTTPException(status_code=403, detail="Admin role required")
    order = db.execute_query("SELECT allow_portfolio FROM orders WHERE id = %s", (order_id,))
    if not order: raise HTTPException(status_code=404, detail="Order not found")
    if is_public and not order[0]['allow_portfolio']:
         raise HTTPException(status_code=400, detail="Cannot make public: User did not consent to portfolio usage")
    if not file.filename: raise HTTPException(status_code=400, detail="Invalid file")
    unique_filename = f"{uuid.uuid4()}{os.path.splitext(file.filename)[1]}"
    file_path = os.path.join(config.UPLOAD_DIR, unique_filename).replace("\\", "/")
    with open(file_path, "wb") as buffer:
        shutil.copyfileobj(file.file, buffer)
    query = "INSERT INTO order_photos (order_id, file_path, is_public) VALUES (%s, %s, %s)"
    photo_id = db.execute_commit(query, (order_id, file_path, is_public))
    return {"id": photo_id, "file_path": file_path, "is_public": is_public}

@router.patch("/admin/photos/{photo_id}")
async def admin_update_photo_status(photo_id: int, data: schemas.PhotoUpdate, token: str = Depends(auth_utils.oauth2_scheme)):
    payload = auth_utils.decode_token(token)
    if not payload or payload.get("role") != 'admin':
        raise HTTPException(status_code=403, detail="Admin role required")
    query = "SELECT p.*, o.allow_portfolio FROM order_photos p JOIN orders o ON p.order_id = o.id WHERE p.id = %s"
    photo_data = db.execute_query(query, (photo_id,))
    if not photo_data: raise HTTPException(status_code=404, detail="Photo not found")
    if data.is_public and not photo_data[0]['allow_portfolio']:
        raise HTTPException(status_code=400, detail="Cannot make public: User did not consent to portfolio usage")
    db.execute_commit("UPDATE order_photos SET is_public = %s WHERE id = %s", (data.is_public, photo_id))
    return {"id": photo_id, "is_public": data.is_public}