import hmac

from rest_framework import serializers
from rest_framework_simplejwt.tokens import RefreshToken, TokenError

from webapp.models.master import Users
from webapp.auth import auth_pwd_hash


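class LoginSerializer(serializers.Serializer):
    """Validate a username/password pair and issue a JWT refresh/access pair.

    On success ``validate`` does not return the input attrs; it returns a dict
    with ``refresh``, ``access`` and a ``user`` summary (id, username, role).

    Raises:
        serializers.ValidationError: when a field is empty or the credentials
            do not match a stored user.
    """

    # One message for every credential failure, so the response does not tell
    # a caller whether the username exists.
    _INVALID_CREDENTIALS = "Username atau password salah."

    usr = serializers.CharField(
        required=True,
        help_text="Username untuk login",
        style={"example": "johndoe"},  # sample value for Swagger / the Android client
    )
    password = serializers.CharField(
        required=True,
        write_only=True,
        help_text="Password user",
        style={"input_type": "password", "example": "secret123"},  # sample value for the API schema
    )

    @staticmethod
    def _hashes_match(stored, candidate):
        """Compare two password hashes without leaking the mismatch position via timing."""
        if isinstance(stored, str) and isinstance(candidate, str):
            return hmac.compare_digest(stored.encode("utf-8"), candidate.encode("utf-8"))
        if isinstance(stored, (bytes, bytearray)) and isinstance(candidate, (bytes, bytearray)):
            return hmac.compare_digest(stored, candidate)
        # Any other pairing (e.g. a NULL stored hash) keeps plain equality semantics.
        return stored == candidate

    def validate(self, attrs):
        """Check the credentials and return the token pair plus a user summary."""
        username = attrs.get("usr")
        password = attrs.get("password")

        if not username or not password:
            raise serializers.ValidationError({"detail": "Username dan password wajib diisi."})

        # Hash before the lookup so an unknown username costs the same hashing
        # work as a known one.
        # NOTE(review): the hash is derived from the password alone, so it
        # cannot carry a per-user salt; the algorithm behind auth_pwd_hash is
        # not visible here. Consider migrating to
        # django.contrib.auth.hashers.make_password / check_password.
        candidate_hash = auth_pwd_hash(password)

        try:
            user = Users.objects.select_related("pk_roles").get(usr=username)
        except Users.DoesNotExist:
            user = None

        if user is None or not self._hashes_match(user.pwd, candidate_hash):
            raise serializers.ValidationError({"detail": self._INVALID_CREDENTIALS})

        role = user.pk_roles.role if getattr(user, "pk_roles", None) else None

        # Build the refresh token manually (without RefreshToken.for_user).
        # NOTE(review): presumably because Users is not the configured auth
        # user model; confirm the "user_id" claim matches what the
        # authentication backend reads (simplejwt's USER_ID_CLAIM setting).
        refresh = RefreshToken()
        refresh["user_id"] = user._pk
        refresh["username"] = user.usr
        refresh["role"] = role

        access_token = refresh.access_token

        return {
            "refresh": str(refresh),
            "access": str(access_token),
            # User summary returned next to the tokens for the client's convenience.
            "user": {
                "id": user._pk,
                "username": user.usr,
                "role": role,
            },
        }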


class CustomTokenRefreshSerializer(serializers.Serializer):
    """Exchange a refresh token for a new access token.

    ``validate`` returns a dict with the new ``access`` token, the same
    ``refresh`` token that was submitted (it is not rotated here), and a
    ``user`` summary read from the token's own claims.

    Raises:
        serializers.ValidationError: when ``RefreshToken`` rejects the token
            with ``TokenError``.
    """

    refresh = serializers.CharField(
        help_text="Refresh token untuk mendapatkan access token baru",
        style={"example": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."},  # sample value for the API schema
    )

    def validate(self, attrs):
        """Verify the submitted refresh token and derive an access token from it."""
        raw_token = attrs.get("refresh")
        try:
            token = RefreshToken(raw_token)
        except TokenError:
            raise serializers.ValidationError({"detail": "Refresh token tidak valid atau sudah expired."})

        new_access = str(token.access_token)

        # The user fields come from the token claims, not from the database, so
        # a role change or user deletion after the token was issued is not
        # reflected here.
        user_summary = {
            "id": token.get("user_id"),
            "username": token.get("username"),
            "role": token.get("role"),
        }
        return {"access": new_access, "refresh": str(token), "user": user_summary}


from rest_framework import serializers

class LogoutSerializer(serializers.Serializer):
    """Empty serializer: logout only deletes the auth cookies."""

    def save(self, **kwargs):
        """Delete the ``access_token`` and ``refresh_token`` cookies.

        The response object is taken from the ``response`` keyword argument;
        nothing happens when it is missing or falsy.
        """
        response = kwargs.get("response")
        if not response:
            return
        # NOTE(review): this only clears the cookies on the client; nothing in
        # this serializer revokes the refresh token, so a copy of it would
        # remain usable until it expires.
        for cookie_name in ("access_token", "refresh_token"):
            response.delete_cookie(cookie_name)