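import logging
from datetime import datetime, timezone

from fastapi import APIRouter, Depends, HTTPException, status
from fastapi.security import OAuth2PasswordRequestForm
from sqlalchemy.orm import Session

from app.core.database import get_db
from app.core.security_admin import create_admin_access_token, verify_password
from app.models.admin_user import AdminUser

# Audit trail for admin authentication; handlers and levels are left to the app's
# logging configuration.
logger = logging.getLogger(__name__)

router = APIRouter()


@router.post("/login")
def admin_login(form: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)):
    """Authenticate an admin by username/password and return a bearer token.

    Looks up the ``AdminUser`` row whose username matches the submitted form,
    and rejects the request with the same 401 "Invalid credentials" response
    when the row is missing, the account is not active, or the password does
    not verify. On success it issues a 60-minute admin access token, stores
    the login time in ``last_login_at`` and commits the session.

    Args:
        form: OAuth2 password form; only ``username`` and ``password`` are
            read (scopes are not used).
        db: SQLAlchemy session supplied by ``get_db``.

    Returns:
        ``{"access_token": <token>, "token_type": "bearer"}``.

    Raises:
        HTTPException: 401 when authentication fails for any reason.
    """
    # Only username/password are used here (scope is not used).
    admin = db.query(AdminUser).filter(AdminUser.username == form.username).first()

    # NOTE(review): when no row matches, verify_password() is never called, so
    # an unknown username may be rejected noticeably faster than a known one if
    # verification is a slow password hash. That timing difference can reveal
    # which admin usernames exist; consider verifying against a fixed dummy hash
    # on the not-found path.
    # NOTE(review): nothing in this handler throttles or locks out repeated
    # failures; confirm rate limiting is enforced in middleware or upstream.
    if not admin or not admin.is_active or not verify_password(form.password, admin.password_hash):
        # %r escapes CR/LF and other control characters in the attacker-supplied
        # username, so one request cannot forge extra log lines. The password
        # is never logged.
        logger.warning("Admin login failed for username=%r", form.username)
        # One generic message for every failure mode, so the response body
        # does not distinguish unknown, inactive and wrong-password cases.
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials")

    token = create_admin_access_token(sub=admin.username, minutes=60)

    # datetime.utcnow() is deprecated since Python 3.12; this yields the same
    # naive-UTC value, so what is stored in last_login_at does not change.
    admin.last_login_at = datetime.now(timezone.utc).replace(tzinfo=None)
    db.commit()

    logger.info("Admin login succeeded for username=%r", admin.username)
    return {"access_token": token, "token_type": "bearer"}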