"""FastAPI app: /api/duties and static webapp."""
from pathlib import Path

import config
from fastapi import FastAPI, Header, HTTPException, Query
from fastapi.middleware.cors import CORSMiddleware
from fastapi.staticfiles import StaticFiles

from db.session import get_session
from db.repository import get_duties
from db.schemas import DutyWithUser
from api.telegram_auth import validate_init_data

app = FastAPI(title="Duty Teller API")
app.add_middleware(
    CORSMiddleware,
    allow_origins=["*"],
    allow_credentials=True,
    allow_methods=["*"],
    allow_headers=["*"],
)


@app.get("/api/duties", response_model=list[DutyWithUser])
def list_duties(
    from_date: str = Query(..., description="ISO date YYYY-MM-DD"),
    to_date: str = Query(..., description="ISO date YYYY-MM-DD"),
    x_telegram_init_data: str | None = Header(None, alias="X-Telegram-Init-Data"),
) -> list[DutyWithUser]:
    init_data = (x_telegram_init_data or "").strip()
    if not init_data:
        raise HTTPException(status_code=403, detail="Откройте календарь из Telegram")
    username = validate_init_data(init_data, config.BOT_TOKEN)
    if username is None:
        raise HTTPException(status_code=403, detail="Неверные данные авторизации")
    if not config.can_access_miniapp(username):
        raise HTTPException(status_code=403, detail="Доступ запрещён")
    session = get_session(config.DATABASE_URL)
    try:
        rows = get_duties(session, from_date=from_date, to_date=to_date)
        return [
            DutyWithUser(
                id=duty.id,
                user_id=duty.user_id,
                start_at=duty.start_at,
                end_at=duty.end_at,
                full_name=full_name,
            )
            for duty, full_name in rows
        ]
    finally:
        session.close()


webapp_path = Path(__file__).resolve().parent.parent / "webapp"
if webapp_path.is_dir():
    app.mount("/app", StaticFiles(directory=str(webapp_path), html=True), name="webapp")