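"""JSON API views for the password store.

Every view expects a POST whose JSON body carries ``master_password``; the
value is checked with ``authenticate`` before any entry is read or changed.

CSRF protection is disabled on all views. The only credential they read is
the master password in the request body, not a cookie; revisit the exemption
if cookie or session authentication is ever added.

NOTE(review): the master password travels in each request body, so these
routes should only be served over TLS and request bodies kept out of logs.
No throttling of failed attempts is visible in this module; confirm it is
enforced elsewhere (``authenticate`` or middleware).
"""
import json

from django.http import JsonResponse
from django.views.decorators.csrf import csrf_exempt

from .models import PasswordEntry
from .utils import authenticate, derive_key, encrypt_password, decrypt_password


def _error(message, status):
    """Build the ``{"error": ...}`` JSON response used by every view."""
    return JsonResponse({"error": message}, status=status)


def _read_json_post(request):
    """Return ``(data, None)`` for a POST with a JSON object body.

    Any other request yields ``(None, response)`` with a 405 (wrong method) or
    400 (body is not a JSON object) instead of falling through and returning
    ``None`` from the view or raising while parsing.
    """
    if request.method != 'POST':
        response = _error("Metodo non consentito", 405)
        response["Allow"] = "POST"
        return None, response
    try:
        data = json.loads(request.body)
    except ValueError:
        # json.JSONDecodeError and UnicodeDecodeError both derive from ValueError.
        return None, _error("JSON non valido", 400)
    if not isinstance(data, dict):
        # The views call data.get(...), which only works on a JSON object.
        return None, _error("JSON non valido", 400)
    return data, None


def _master_password_ok(master_password):
    """Return a truthy value only for a string accepted by ``authenticate``."""
    # A missing or non-string value is rejected here, so authenticate() and
    # derive_key() never receive None or an arbitrary JSON structure.
    return isinstance(master_password, str) and authenticate(master_password)


def _find_entry(site):
    """Return ``(entry, None)`` for the single entry stored under *site*.

    Otherwise return ``(None, response)``: 404 when nothing matches, 409 when
    several rows match.
    """
    if not isinstance(site, str):
        # Keeps non-string JSON values out of the ORM lookup.
        return None, _error("Sito non trovato", 404)
    try:
        return PasswordEntry.objects.get(site=site), None
    except PasswordEntry.DoesNotExist:
        return None, _error("Sito non trovato", 404)
    except PasswordEntry.MultipleObjectsReturned:
        # add_password_api does not check for an existing site, so duplicates
        # are possible unless the model enforces uniqueness (not visible here).
        return None, _error("Sito duplicato", 409)


@csrf_exempt
def add_password_api(request):
    """Encrypt and store a new password entry.

    Body fields: ``master_password``, ``site``, ``password`` (required) and
    ``username``, ``client_id``, ``topic`` (stored as given).
    Responses: 200 on success, 400 for a malformed body or missing field,
    403 for a wrong master password, 405 for a non-POST request.
    """
    data, error = _read_json_post(request)
    if error is not None:
        return error

    master_password = data.get('master_password')
    if not _master_password_ok(master_password):
        return _error("Master password errata", 403)

    # Field validation runs after authentication, so an unauthenticated
    # caller only ever sees the 403.
    site = data.get('site')
    password = data.get('password')
    if not (isinstance(site, str) and site):
        return _error("Campo 'site' obbligatorio", 400)
    if not (isinstance(password, str) and password):
        return _error("Campo 'password' obbligatorio", 400)

    key = derive_key(master_password)
    PasswordEntry.objects.create(
        site=site,
        username=data.get('username'),
        password=encrypt_password(password, key),
        client_id=data.get('client_id'),
        topic=data.get('topic'),
    )
    return JsonResponse({"message": "Password aggiunta con successo"})


@csrf_exempt
def get_password_api(request):
    """Return the decrypted entry stored for ``site``.

    Body fields: ``master_password``, ``site``.
    Responses: 200 with the entry, 400 for a malformed body, 403 for a wrong
    master password, 404 when the site is unknown, 409 when several entries
    share the site, 405 for a non-POST request.
    """
    data, error = _read_json_post(request)
    if error is not None:
        return error

    master_password = data.get('master_password')
    if not _master_password_ok(master_password):
        return _error("Master password errata", 403)

    key = derive_key(master_password)
    entry, error = _find_entry(data.get('site'))
    if error is not None:
        return error

    response = JsonResponse({
        "site": entry.site,
        "username": entry.username,
        "password": decrypt_password(entry.password, key),
        "client_id": entry.client_id,
        "topic": entry.topic,
    })
    # The body holds a plaintext secret: ask intermediaries and the client
    # not to store it.
    response["Cache-Control"] = "no-store"
    return response


@csrf_exempt
def delete_password_api(request):
    """Delete the entry stored for ``site``.

    Body fields: ``master_password``, ``site``.
    Responses: 200 on success, 400 for a malformed body, 403 for a wrong
    master password, 404 when the site is unknown, 409 when several entries
    share the site, 405 for a non-POST request.
    """
    data, error = _read_json_post(request)
    if error is not None:
        return error

    if not _master_password_ok(data.get('master_password')):
        return _error("Master password errata", 403)

    entry, error = _find_entry(data.get('site'))
    if error is not None:
        return error

    entry.delete()
    return JsonResponse({"message": "Password cancellata con successo"})


@csrf_exempt
def list_sites_api(request):
    """List the ``site`` value of every stored entry.

    Body fields: ``master_password``.
    Responses: 200 with ``{"sites": [...]}``, 400 for a malformed body,
    403 for a wrong master password, 405 for a non-POST request.
    """
    data, error = _read_json_post(request)
    if error is not None:
        return error

    if not _master_password_ok(data.get('master_password')):
        return _error("Master password errata", 403)

    sites = PasswordEntry.objects.values_list('site', flat=True)
    return JsonResponse({"sites": list(sites)})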