pedidos-express/routes/users.py

from datetime import datetime
import json
from logging import getLogger
import re
from uuid import uuid4

from models import user
import redis
from cryptography.fernet import Fernet
from fastapi import APIRouter, Depends, Request
from fastapi.responses import FileResponse, HTMLResponse, JSONResponse
from fastapi.exceptions import HTTPException

from auth.security import generate_token
from auth.security import get_current_user
from config.mails import REGISTER_MAIL, PIN_RECOVERY_MAIL, PIN_SUCCESSFULLY
from config.messages import ErrorResponse, SuccessResponse, UserResponse
from config.settings import APPNAME, DEVELOPMENT, PIN_KEY
from models.user import ForceRegisterUserRequest, LoginRequest, PinRecoveryRequest, PinRecoveryValidateRequest, PinUserRequest, RegisterUserRequest, User, UserIDRequest, UserMail, UserRewardRequest
from services.data_service import BlacklistDataService, UserDataService
from services.email_service import get_email_sender
import services.recovery_service as recovery_service
from utils.responses import error_response, success_response
from utils.rut import validate_rut

fernet = Fernet(PIN_KEY.encode())
logger = getLogger(__name__)
user_data_service = UserDataService()
blacklist_data_service = BlacklistDataService()
user_router = APIRouter()

redis_client = redis.Redis(host='localhost', port=6379, db=1 if DEVELOPMENT else 0, decode_responses=True)

@user_router.post("/exists")
async def exists_user(request: UserIDRequest):
        """Check if user exists"""
        user = user_data_service.get_by_id(request.id)
        if user:
            return success_response(data={"exists": True}, message=UserResponse.USER_EXISTS)
        else:
            return error_response(error={"exists": False}, message=UserResponse.USER_DOES_NOT_EXIST)

@user_router.post("/register")
async def register_user(request: RegisterUserRequest):
    """Register a new user"""
    logger.info(f"Registration attempt for email: {request.email}")
    
    
    
    # Validate RUT
    if not validate_rut(request.rut):
        logger.warning(f"Registration failed for {request.email}: invalid RUT {request.rut}")
        
        return error_response(message=ErrorResponse.INVALID_RUT)

    # Check if user already exists by email
    try:
        user = user_data_service.get_by_email(request.email)
        if user:
            logger.warning(f"Registration failed for {request.email}: user already exists")
            
            return error_response(message=UserResponse.USER_ALREADY_EXISTS)
            
        # Check if RUT already exists
        user = user_data_service.get_by_rut(request.rut)
        if user:
            logger.warning(f"Registration failed for {request.email}: RUT already exists")
            
            return error_response(message=UserResponse.USER_ALREADY_EXISTS)

    except Exception as e:
        error_msg = f"Database error during user validation: {e}"
        logger.error(error_msg)
        

    logger.info(f"Registering user: {request.email}")
    
    try:
        verification_code = str(uuid4())
        
        user_data = {
            "name": request.name,
            "email": request.email,
            "rut": request.rut
        }
        
        redis_client.set(f"verify:{verification_code}", json.dumps(user_data))
        redis_client.expire(f"verify:{verification_code}", 3600)  # Expire in 1 hour
        
        logger.info(f"Verification code generated for {request.email}, code: {verification_code}")

        # Send verification email
        get_email_sender().send_email(
            REGISTER_MAIL["subject"],
            REGISTER_MAIL["body"],
            [request.email], 
            name=request.name, 
            app_name=APPNAME, 
            verification_code=verification_code
        )
        
        
        return success_response(message=SuccessResponse.USER_CREATED_SUCCESS, status_code=201)
        
    except Exception as e:
        error_msg = f"Error during registration process for {request.email}: {e}"
        logger.error(error_msg)
        
        return error_response(message=f"Error interno del servidor: {e}", status_code=500)

@user_router.post("/create-user")
async def create_user(request: PinUserRequest, q: str):
    """Create a new user with PIN"""
    data = redis_client.get(f"verify:{q}")
    if not redis_client.get(f"verify:{q}"):
        return error_response(message=ErrorResponse.INVALID_VERIFICATION_CODE)
    else:
        data = json.loads(str(data))
    name = data.get("name")
    email = data.get("email")
    rut = data.get("rut")
    pin = request.pin
    if not request.pin or len(request.pin) != 4:
        return error_response(message=ErrorResponse.INVALID_PIN)
    userID = user_data_service.create(name, email, rut, pin)
    if userID == -1:
        return error_response(message=UserResponse.USER_ALREADY_EXISTS)
    user = user_data_service.get_by_id(userID)
    if not user:
        logger.error(f"User creation failed for {email}: user not found after creation")
        return error_response(message=ErrorResponse.USER_CREATION_ERROR)

    logger.info(f"User created successfully: {email}")
    return success_response(data={
        **user.model_dump(exclude={"pin_hash"}),
        "token": generate_token(user.email)
    }, message=SuccessResponse.USER_CREATED_SUCCESS, status_code=201)


@user_router.post("/force-register")
async def force_register_user(request: ForceRegisterUserRequest, current_user: User = Depends(get_current_user)):
    """Force register a new user"""
    logger.info(f"Force register attempt for email: {request.email}")
    if (current_user.permissions or -1) < 2:
        return error_response(message=UserResponse.NOT_PERMITTED + f" current permissions: {current_user.permissions}")
    
    
    if not request.pin or len(request.pin) != 4:
        return error_response(message=ErrorResponse.INVALID_PIN)
    userID = user_data_service.create(request.name, request.email, request.rut, request.pin)
    if userID == -1:
        return error_response(message=UserResponse.USER_ALREADY_EXISTS)
    user = user_data_service.get_by_id(userID)
    if not user:
        logger.error(f"User creation failed for {request.email}: user not found after creation")
        return error_response(message=ErrorResponse.USER_CREATION_ERROR)

    logger.info(f"User created successfully: {request.email}")
    return success_response(data={
        **user.model_dump(exclude={"pin_hash"}),
        "token": generate_token(user.email)
    }, message=SuccessResponse.USER_CREATED_SUCCESS)
    

@user_router.post("/login")
async def login_user(request: LoginRequest, http_request: Request):
    """Login user with email and PIN"""
    logger.info(f"Login attempt for email: {request.email}")
    
    
    try:
        is_blocked = redis_client.get(f"blocked:{request.email}")

        if is_blocked:
            try:
                blocked_time_raw = redis_client.ttl(f"blocked:{request.email}")
                blocked_minutes = max(0, int(blocked_time_raw) // 60) if blocked_time_raw and int(blocked_time_raw) > 0 else 0  # type: ignore
            except (ValueError, TypeError):
                blocked_minutes = 0
            
            logger.warning(f"Login attempt for blocked user: {request.email}, blocked for {blocked_minutes} minutes")
            
            return error_response(
                message=UserResponse.USER_FORMAT_BLOCKED.format(time=f"{blocked_minutes} minutos"),
                status_code=403
            )

        # Attempt login
        user = user_data_service.login(request.email, request.pin)

        if user:
            if blacklist_data_service.is_user_blacklisted(user.id):
                logger.warning(f"Login attempt for blacklisted user: {request.email}")
                
                return error_response(
                    message=UserResponse.USER_BLACKLISTED,
                    status_code=403
                )

            # Successful login
            logger.info(f"Successful login for user: {request.email}")
            
            # Check admin access
            referer = http_request.headers.get("Origin", "")
            logger.info(f"Login request referer: {referer}")
            if referer and "admin" in referer:
                user_permissions = user_data_service.permissions(user.id)
                if user_permissions == 0:
                    logger.warning(f"Unauthorized admin access attempt by {request.email}")
                    
                    return error_response(message=UserResponse.NOT_PERMITTED, status_code=403)

            # Clear login attempts and log successful login
            redis_client.delete(f"login_attempts:{request.email}")
            
            
            
            return success_response({
                "id": user.id,
                "name": user.name,
                "email": user.email,
                "kleincoins": user.kleincoins,
                "created_at": user.created_at,
                "token": generate_token(user.email),
                "reward_progress": user.reward_progress,
                "permissions": user.permissions
            }, message=SuccessResponse.LOGIN_SUCCESS)
        else:
            # Failed login: increment attempts in Redis
            redis_client.incr(f"login_attempts:{request.email}")
            redis_client.expire(f"login_attempts:{request.email}", 3600)
            redis_attempts = redis_client.get(f"login_attempts:{request.email}")
            attempts = int(redis_attempts) if redis_attempts else 0  # type: ignore
            
            if attempts >= 5:
                # Too many attempts, block login
                redis_client.set(f"blocked:{request.email}", "true")
                redis_client.expire(f"blocked:{request.email}", 3600)
                
                logger.warning(f"Too many login attempts for {request.email}. User blocked.")
                
                return error_response(message=ErrorResponse.TOO_MANY_ATTEMPTS, status_code=429)
            else:
                logger.warning(f"Failed login attempt for {request.email}. Attempts: {attempts}")
                
            
            # Return unauthorized with attempts remaining
            return error_response(
                error={"attempts_remaining": 5 - attempts if attempts else 5},
                message=ErrorResponse.INVALID_CREDENTIALS, 
                status_code=401
            )
            
    except redis.RedisError as e:
        error_msg = f"Redis error during login for {request.email}: {e}"
        logger.error(error_msg)
        
        return error_response(message="Error interno del servidor", status_code=500)
        
    except Exception as e:
        error_msg = f"Unexpected error during login for {request.email}: {e}"
        logger.error(error_msg)
        
        return error_response(message="Error interno del servidor", status_code=500)

@user_router.get("/guest")
async def guest_login():
    token = generate_token("guest@guest.com", access_token_expire_days=1)
    return success_response(data={"token": token}, message=SuccessResponse.LOGIN_SUCCESS)

@user_router.delete("/delete")
async def delete_user(request: UserIDRequest, current_user: User = Depends(get_current_user)):
    if current_user.permissions != 2:
        return error_response(message=UserResponse.NOT_PERMITTED, status_code=403)
    """Delete a user by ID"""
    user = user_data_service.delete(request.id)
    if user:
        return success_response(message=SuccessResponse.USER_DELETED_SUCCESS)
    else:
        return error_response(message=UserResponse.USER_NOT_FOUND, status_code=404)

@user_router.post("/pin-recovery")
async def change_pin(request: PinRecoveryRequest):
    """Change a user's PIN"""
    user = user_data_service.get_by_email(request.email)
    if not user:
        return error_response(message= UserResponse.USER_NOT_FOUND.format(user_id=request.email), status_code=404)

    real_token = recovery_service.get_token(user.id)
    if real_token and real_token != request.token:
        return error_response(message= "Invalid token")
    logger.info(f"Pin change, to {request.new_pin} for user {user.email}")
    user_data_service.update(user_id=user.id, pin_hash=request.new_pin)
    sender = get_email_sender()
    sender.send_email(
        to=[user.email],
        subject=PIN_SUCCESSFULLY["subject"],
        body=PIN_SUCCESSFULLY["body"].format(app_name=APPNAME, date=datetime.now().strftime("%Y-%m-%d"), time=datetime.now().strftime("%H:%M:%S"), name=user.name)
    )

    return success_response(message= "Recovery email sent")

@user_router.post("/reward")
async def reward_user(request: UserRewardRequest, user: User = Depends(get_current_user)):
    """Reward a user with 1 free beer"""
    if user.reward_progress < 100:
        return error_response(message=UserResponse.REWARD_INSUFFICIENT_PROGRESS.format(progress=user.reward_progress))
    if not user:
        return error_response(message=UserResponse.USER_NOT_FOUND.format(user_id=request.id), status_code=404)
    
    user_data_service.set_reward_progress(user.id, 0)
    return success_response(data={
        "id": user.id,
        "name": user.name,
        "email": user.email,
        "reward_progress": 0
    }, message=SuccessResponse.REWARD_SUCCESS)

@user_router.get("/user")
async def get_cur_user(current_user:User = Depends(get_current_user)):
    """Get current user information"""
    return success_response(data=current_user.model_dump(exclude={"pin_hash", "kleincoins", "rut"}))

@user_router.get("/all")
async def get_all_users():
    """Get all users"""
    users = list(map(lambda u: u.model_dump(), user_data_service.get_all()))
    return success_response(data=users)

@user_router.get("/next")
async def get_next_user_id():
    """Get the next user ID"""
    next_id = user_data_service.get_next_id()
    return success_response(data={"next_id": next_id})
from fastapi import Query

verify_router = APIRouter()

@verify_router.get("/")
async def verify_user(q: str = Query(..., description="q parameter")):
    """Verify a user by ID"""
    # get url params
    if not redis_client.get(f"verify:{q}"):
        return HTMLResponse(
            content="<h1>Invalid verification code</h1>",
            status_code=400
        )
    return FileResponse(
        "public/verify.html",
        media_type="text/html",
    )

recovery_pin_router = APIRouter()

@recovery_pin_router.get("/")
async def pin_forgot_get():
    """Render the PIN forgot page"""
    return FileResponse(
        "public/pin_forgot.html",
        media_type="text/html",
    )

@recovery_pin_router.post("/")
async def pin_forgot_post(request: UserMail):
    """Handle the PIN forgot form submission"""

    user = user_data_service.get_by_email(request.email)
    if not user:
        return error_response(message=UserResponse.USER_NOT_FOUND.format(user_id=request.email), status_code=404)

    recovery_key = recovery_service.generate_recovery_key(user.id)
    sender = get_email_sender()
    sender.send_email(
        to=[user.email],
        subject=PIN_RECOVERY_MAIL["subject"],
        body=PIN_RECOVERY_MAIL["body"].format(app_name=APPNAME, verification_code=recovery_key,name=user.name)
    )
    # Send recovery_key to user's email
    return success_response(message=SuccessResponse.RECOVERY_EMAIL_SENT)

@recovery_pin_router.post("/validate")
async def pin_forgot_validate(request: PinRecoveryValidateRequest):
    """Validate the PIN recovery code"""    
    user = user_data_service.get_by_email(request.email)
    if not user:
        return error_response(message=UserResponse.USER_NOT_FOUND.format(user_id=request.email), status_code=404)
    recovery_data = recovery_service.get_recovery_data(user.id)
    logger.info(f"Recovery data for {request.email}: {recovery_data}|{request.code}")
    if recovery_data.code == -1:
        return error_response(message=UserResponse.USER_NOT_FOUND.format(user_id=request.email), status_code=404)
    if recovery_data.code != request.code:
        return error_response(message="Invalid recovery code")
    token = uuid4().hex
    recovery_service.add_token(user.id, token)
    return success_response(data={"token": token}, message="Recovery code validated successfully")