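from __future__ import annotations

from datetime import UTC, datetime, timedelta
from uuid import uuid4

from innercontext.api.auth_deps import get_current_user
from innercontext.auth import CurrentUser, IdentityData, TokenClaims
from innercontext.models import Role
from innercontext.models.ai_log import AICallLog
from main import app


def _user(subject: str, *, role: Role = Role.MEMBER) -> CurrentUser:
    """Build a ``CurrentUser`` for *subject* with a fresh random ``user_id``.

    The claims are synthetic (issuer ``https://auth.test``, one-hour expiry)
    and are never verified by these tests: the user is injected directly via
    ``_set_current_user``, so the real token validation path is bypassed.

    Args:
        subject: value used for both ``TokenClaims.subject`` and ``raw_claims["sub"]``.
        role: role the user acts with; ``Role.MEMBER`` unless overridden.
    """
    claims = TokenClaims(
        issuer="https://auth.test",
        subject=subject,
        audience=("innercontext-web",),
        expires_at=datetime.now(UTC) + timedelta(hours=1),
        raw_claims={"iss": "https://auth.test", "sub": subject},
    )
    return CurrentUser(
        user_id=uuid4(),
        role=role,
        identity=IdentityData.from_claims(claims),
        claims=claims,
    )


def _set_current_user(user: CurrentUser) -> None:
    """Override the ``get_current_user`` dependency so every request runs as *user*.

    The override is process-global on ``app`` and is only replaced by the next
    call, never removed here. NOTE(review): if the ``client`` fixture does not
    reset ``app.dependency_overrides`` between tests, the last user set leaks
    into the following test — confirm against conftest.
    """
    app.dependency_overrides[get_current_user] = lambda: user


def test_profile_health_routines_skincare_ai_logs_are_user_scoped_by_default(
    client, session
):
    """Every user-owned resource is invisible to a different authenticated user.

    The owner creates one record per resource type (plus an ``AICallLog`` row
    written straight to the session), then an unrelated member ("intruder")
    reads each list and each individual id. Lists must be empty and id lookups
    must return 404 — not 403 — so an unauthorized caller cannot confirm which
    ids exist.
    """
    owner = _user("owner")
    intruder = _user("intruder")

    _set_current_user(owner)
    profile = client.patch(
        "/profile", json={"birth_date": "1991-01-15", "sex_at_birth": "male"}
    )
    medication = client.post(
        "/health/medications",
        json={"kind": "prescription", "product_name": "Owner Rx"},
    )
    routine = client.post(
        "/routines", json={"routine_date": "2026-03-01", "part_of_day": "am"}
    )
    snapshot = client.post("/skincare", json={"snapshot_date": "2026-03-01"})

    # AI logs have no create endpoint in this test, so the row is inserted
    # directly and tied to the owner.
    log = AICallLog(endpoint="routines/suggest", model="gemini-3-flash-preview")
    log.user_id = owner.user_id
    session.add(log)
    session.commit()
    session.refresh(log)

    assert profile.status_code == 200
    assert medication.status_code == 201
    assert routine.status_code == 201
    assert snapshot.status_code == 201

    medication_id = medication.json()["record_id"]
    routine_id = routine.json()["id"]
    snapshot_id = snapshot.json()["id"]

    _set_current_user(intruder)

    # Collection reads: nothing of the owner's may show up.
    assert client.get("/profile").json() is None
    assert client.get("/health/medications").json() == []
    assert client.get("/routines").json() == []
    assert client.get("/skincare").json() == []
    assert client.get("/ai-logs").json() == []

    # Direct-id reads with a known-valid id: 404, so ids are not enumerable.
    assert client.get(f"/health/medications/{medication_id}").status_code == 404
    assert client.get(f"/routines/{routine_id}").status_code == 404
    assert client.get(f"/skincare/{snapshot_id}").status_code == 404
    assert client.get(f"/ai-logs/{log.id}").status_code == 404


def test_health_admin_override_requires_explicit_user_id(client):
    """Admins are self-scoped by default and must opt in with ``user_id``.

    Also pins the other half of that contract: a plain member passing the same
    ``user_id`` query parameter must never be handed the owner's records, since
    the override is an admin-only capability.
    """
    owner = _user("owner")
    admin = _user("admin", role=Role.ADMIN)
    member = _user("member")

    _set_current_user(owner)
    created = client.post(
        "/health/lab-results",
        json={
            "collected_at": "2026-03-01T00:00:00",
            "test_code": "718-7",
            "test_name_original": "Hemoglobin",
        },
    )
    assert created.status_code == 201

    _set_current_user(admin)

    # Without user_id an admin still only sees their own (empty) data.
    default_scope = client.get("/health/lab-results")
    assert default_scope.status_code == 200
    assert default_scope.json()["items"] == []

    # With an explicit user_id the admin reads the owner's record.
    overridden = client.get(f"/health/lab-results?user_id={owner.user_id}")
    assert overridden.status_code == 200
    assert len(overridden.json()["items"]) == 1

    # A non-admin supplying user_id must not get the override. Either
    # rejecting the request or silently scoping it to the caller is
    # acceptable; returning the owner's record is an IDOR.
    _set_current_user(member)
    escalated = client.get(f"/health/lab-results?user_id={owner.user_id}")
    if escalated.status_code == 200:
        assert escalated.json()["items"] == []
    else:
        assert escalated.status_code >= 400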