import streamlit as st
import yaml
from yaml.loader import SafeLoader
import streamlit_authenticator as stauth
from auth_core import load_credentials_from_db, get_role_for_user, create_user
from version import __version__


def content_for(username: str, role: str):
    st.header("Controlling-Portal")
    st.info(f"Willkommen, {username}!")
    if role == "admin":
        st.subheader("Admin-Bereich")
        st.write("Nur Admins sehen das hier.")

        with st.expander("Neuen Nutzer anlegen"):
            new_u = st.text_input("Neuer Username", key="new_u")
            new_fname = st.text_input("Vorname", key="new_fname")
            new_lname = st.text_input("Nachname", key="new_lname")
            new_email = st.text_input("E-Mail", key="new_email")
            new_p = st.text_input("Neues Passwort", type="password", key="new_p")
            new_role = st.selectbox("Rolle", ["user", "admin"], key="new_role")

            if st.button("Anlegen"):
                if new_u and new_p:
                    ok = create_user(new_u.strip(), new_p, new_role, new_email, new_fname, new_lname)
                    st.success("Nutzer angelegt.") if ok else st.error("Username bereits vorhanden oder Fehler.")
                else:
                    st.warning("Bitte Username und Passwort eingeben.")

    st.subheader("Dein Bereich")
    st.write(f"Personalisierter Content für **{username}**.")


def main():
    st.set_page_config(
        page_title=f"Co-App Start - V{__version__}",
        page_icon="🔒",
        layout="centered",
    )

    # DB-Struktur sicherstellen
    # init_auth_db()

    # --- Config laden (Cookie, etc.) ---
    with open("config/auth.yaml", "r", encoding="utf-8") as f:
        base_config = yaml.load(f, Loader=SafeLoader)

    # --- Credentials dynamisch aus DB laden ---
    db_creds = load_credentials_from_db()
    base_config["credentials"] = db_creds

    authenticator = stauth.Authenticate(
        base_config["credentials"],
        base_config["cookie"]["name"],
        base_config["cookie"]["key"],
        base_config["cookie"]["expiry_days"],
        #base_config.get("preauthorized", {}),
    )

    #name, auth_status, username = authenticator.login(location="main", key="Login")
    # login_result = authenticator.login(location="main", key="Login")

    # if login_result is None:
    #     st.error("Login-Initialisierung fehlgeschlagen (keine gültigen Credentials?).")
    #     return

    # name, auth_status, username = login_result
    authenticator.login(location="main", key="Login")

    auth_status = st.session_state.get("authentication_status")
    name = st.session_state.get("name")
    username = st.session_state.get("username")



    if auth_status is False:
        st.error("Login fehlgeschlagen.")
        return

    if auth_status is None:
        st.warning("Bitte Benutzername und Passwort eingeben.")
        return

    # ---- Ab hier eingeloggt (persistenter Cookie) ----
    role = get_role_for_user(username)

    authenticator.logout("Logout", "sidebar")
    st.sidebar.write(f"Angemeldet als **{name}** ({username}, Rolle: {role})")

    content_for(username, role)


if __name__ == "__main__":
    main()