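#!/usr/bin/env python3
# -*- coding: utf-8 -*-
from __future__ import annotations

import database
from app_security import validate_password
from flask import jsonify, request, session
from routes.admin_api import admin_api_bp
from routes.decorators import admin_required


# ==================== Password reset / feedback (admin) ====================


def _json_object() -> dict:
    """Return the request's JSON body when it is an object, else an empty dict.

    A JSON array, string or number would otherwise reach ``.get`` and surface
    as an unhandled 500 instead of a clean 400 from the caller's empty check.
    """
    payload = request.json
    return payload if isinstance(payload, dict) else {}


def _stripped_str(data: dict, key: str) -> str:
    """Return ``data[key]`` stripped of surrounding whitespace.

    Missing, null and non-string values all yield ``""`` so the caller's
    "must not be empty" branch rejects them.
    """
    value = data.get(key)
    return value.strip() if isinstance(value, str) else ""


@admin_api_bp.route("/admin/password", methods=["PUT"])
@admin_required
def update_admin_password():
    """Change the password of the administrator stored in the session.

    Expects a JSON object with ``new_password``.

    Returns:
        ``{"success": True}`` on success, otherwise ``{"error": ...}`` with
        HTTP 400 (empty password, policy violation, or database failure).
    """
    data = _json_object()
    new_password = _stripped_str(data, "new_password")
    if not new_password:
        return jsonify({"error": "密码不能为空"}), 400

    # Enforce the same strength policy as the user-reset route below; without
    # this the most privileged account was the only one exempt from it.
    is_valid, error_msg = validate_password(new_password)
    if not is_valid:
        return jsonify({"error": error_msg}), 400

    # NOTE(review): the current password is never requested, so possession of
    # a live admin session is enough to change the credential. Consider
    # requiring the current password here and invalidating other sessions
    # after the change. What admin_required checks is not visible here.
    # NOTE(review): presumably database.update_admin_password hashes the
    # password before storing it; confirm against the database module.
    username = session.get("admin_username")
    if database.update_admin_password(username, new_password):
        return jsonify({"success": True})
    return jsonify({"error": "修改失败"}), 400


@admin_api_bp.route("/admin/username", methods=["PUT"])
@admin_required
def update_admin_username():
    """Rename the administrator stored in the session.

    Expects a JSON object with ``new_username``. On success the session is
    updated so later requests resolve the admin under the new name.

    Returns:
        ``{"success": True}`` on success, otherwise ``{"error": ...}`` with
        HTTP 400 (empty name, or the database rejected the change).
    """
    data = _json_object()
    new_username = _stripped_str(data, "new_username")
    if not new_username:
        return jsonify({"error": "用户名不能为空"}), 400

    # NOTE(review): only emptiness is checked here; any length or character
    # restrictions would have to live in database.update_admin_username.
    old_username = session.get("admin_username")
    if database.update_admin_username(old_username, new_username):
        session["admin_username"] = new_username
        return jsonify({"success": True})
    return jsonify({"error": "修改失败,用户名可能已存在"}), 400


# The captured page shows this rule as "/users//reset_password": the URL
# variable was lost, most likely stripped as an angle-bracket tag. The view
# requires ``user_id``, so the segment is restored here.
# NOTE(review): the ``int`` converter is an assumption; confirm the original
# rule in the repository.
@admin_api_bp.route("/users/<int:user_id>/reset_password", methods=["POST"])
@admin_required
def admin_reset_password_route(user_id):
    """Reset a user's password directly as an administrator (no approval step).

    Expects a JSON object with ``new_password``, which must pass
    ``validate_password``.

    Args:
        user_id: Identifier of the account to reset, taken from the URL.

    Returns:
        ``{"message": ...}`` on success, otherwise ``{"error": ...}`` with
        HTTP 400 (empty password, policy violation, or unknown user).
    """
    data = _json_object()
    new_password = _stripped_str(data, "new_password")
    if not new_password:
        return jsonify({"error": "新密码不能为空"}), 400

    is_valid, error_msg = validate_password(new_password)
    if not is_valid:
        return jsonify({"error": error_msg}), 400

    # NOTE(review): no audit record is written in this handler; confirm that
    # the database layer logs which admin reset which account.
    if database.admin_reset_user_password(user_id, new_password):
        return jsonify({"message": "密码重置成功"})
    return jsonify({"error": "重置失败,用户不存在"}), 400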