"""
Authentication utilities for QR Code Manager
"""

import os
import bcrypt
from functools import wraps
from flask import session, redirect, url_for, request, jsonify

# Admin configuration
ADMIN_USERNAME = os.environ.get('ADMIN_USERNAME', 'admin')
ADMIN_PASSWORD_HASH = None

def init_admin():
    """Initialize admin user with password from environment or default"""
    global ADMIN_PASSWORD_HASH
    admin_password = os.environ.get('ADMIN_PASSWORD', 'admin123')
    ADMIN_PASSWORD_HASH = bcrypt.hashpw(admin_password.encode('utf-8'), bcrypt.gensalt())
    print(f"Admin user initialized: {ADMIN_USERNAME}")
    print(f"Default password: {admin_password if admin_password == 'admin123' else '***'}")

def verify_password(password, hashed):
    """Verify a password against its hash"""
    return bcrypt.checkpw(password.encode('utf-8'), hashed)

def login_required(f):
    """Authentication decorator"""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'logged_in' not in session:
            if request.endpoint and request.endpoint.startswith('api'):
                return jsonify({'error': 'Authentication required'}), 401
            return redirect(url_for('auth.login'))
        return f(*args, **kwargs)
    return decorated_function

def get_admin_credentials():
    """Get admin credentials for authentication"""
    return ADMIN_USERNAME, ADMIN_PASSWORD_HASH