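"""Device authentication service: bcrypt-checked access/secret keys exchanged for JWTs."""
from datetime import timedelta
import logging
import os
import sqlite3
import sys

from flask import Flask, abort, g, jsonify, make_response, request
from flask_bcrypt import Bcrypt
from flask_jwt_extended import (
    JWTManager,
    create_access_token,
    create_refresh_token,
    get_jwt_identity,
    jwt_required,
)

# Path of the SQLite database holding the `devices` table; overridable for deployments.
DB_PATH = os.environ.get("SMS_DB_PATH", "sms.db")


def _load_jwt_secret() -> str:
    """Return the JWT signing key from the environment, refusing to start without one.

    A hard-coded or short key lets anyone mint valid access/refresh tokens for any
    device, so this fails closed instead of falling back to a default.

    Raises:
        RuntimeError: if JWT_SECRET_KEY is unset or shorter than 32 characters
            (HS256 expects a key of at least 256 bits, RFC 7518 section 3.2).
    """
    secret = os.environ.get("JWT_SECRET_KEY")
    if not secret:
        raise RuntimeError(
            "JWT_SECRET_KEY environment variable must be set to a strong random value"
        )
    if len(secret) < 32:
        raise RuntimeError("JWT_SECRET_KEY must be at least 32 characters long")
    return secret


app = Flask(__name__)
app.config["JWT_SECRET_KEY"] = _load_jwt_secret()
app.config["JWT_ACCESS_TOKEN_EXPIRES"] = timedelta(hours=1)
app.config["JWT_REFRESH_TOKEN_EXPIRES"] = timedelta(days=30)
flask_bcrypt = Bcrypt(app)
jwt = JWTManager(app)

# Hash compared against when the access key is unknown, so a lookup miss costs the
# same bcrypt work as a wrong secret and does not leak which keys exist via timing.
_DUMMY_HASH = flask_bcrypt.generate_password_hash("not-a-real-secret")

# Audit log of authentication events; create the directory so startup does not fail.
os.makedirs("log", exist_ok=True)
file_handler = logging.FileHandler("log/out.log")
file_handler.setLevel(logging.INFO)
file_handler.setFormatter(
    logging.Formatter("%(asctime)s %(levelname)s: %(message)s [in %(pathname)s:%(lineno)d]")
)
app.logger.addHandler(file_handler)
app.logger.setLevel(logging.INFO)


def _get_db() -> sqlite3.Connection:
    """Return the request-scoped SQLite connection, opening it on first use.

    A single module-level connection shared across Flask's worker threads would
    raise sqlite3.ProgrammingError (connections are bound to the creating thread),
    so each request gets its own connection stored on `flask.g`.
    """
    if "db" not in g:
        g.db = sqlite3.connect(DB_PATH)
    return g.db


@app.teardown_appcontext
def _close_db(_exc: BaseException | None) -> None:
    """Close the request-scoped connection, if one was opened."""
    db = g.pop("db", None)
    if db is not None:
        db.close()


@app.route("/login", methods=["POST"])
def login():
    """Exchange a device's access key + secret key for an access and a refresh token.

    Expects a JSON object with string fields `access_key` and `secret_key`.

    Returns:
        200 with `access_token` and `refresh_token` on success;
        400 when the body is not a JSON object or a field is missing/not a string;
        401 on an unknown access key or a wrong secret key (same message for both,
        so the response does not reveal which keys exist).
    """
    body = request.get_json(silent=True)
    if not isinstance(body, dict):
        return make_response(jsonify({"msg": "Request body must be a JSON object"}), 400)
    access_key = body.get("access_key")
    if access_key is None:
        return make_response(jsonify({"msg": "Missing access key"}), 400)
    secret_key = body.get("secret_key")
    if secret_key is None:
        return make_response(jsonify({"msg": "Missing secret key"}), 400)
    if not isinstance(access_key, str) or not isinstance(secret_key, str):
        return make_response(jsonify({"msg": "Access key and secret key must be strings"}), 400)

    row = _get_db().execute(
        "SELECT access_key, secret_key_hash FROM devices WHERE access_key = ?",
        (access_key,),
    ).fetchone()
    # Always run the bcrypt comparison, even for an unknown key (see _DUMMY_HASH).
    stored_hash = row[1] if row is not None else _DUMMY_HASH
    secret_matches = flask_bcrypt.check_password_hash(stored_hash, secret_key)
    if row is None or not secret_matches:
        # remote_addr is the immediate peer; behind a reverse proxy it is the proxy.
        app.logger.warning(
            "Failed login for access key %r from %s", access_key, request.remote_addr
        )
        return make_response(jsonify({"msg": "Invalid access key or secret key"}), 401)

    app.logger.info("Successful login for access key %r", access_key)
    return make_response(
        jsonify(
            {
                "access_token": create_access_token(identity=access_key),
                "refresh_token": create_refresh_token(identity=access_key),
            }
        ),
        200,
    )


@app.route("/verify-token", methods=["GET"])
@jwt_required()
def verify_token():
    """Return the identity (access key) carried by a valid access token."""
    return make_response(jsonify(logged_in_as=get_jwt_identity()), 200)


@app.route("/refresh-token", methods=["POST"])
@jwt_required(refresh=True)
def refresh_token():
    """Issue a fresh access token for the identity carried by a valid refresh token."""
    return make_response(
        jsonify({"access_token": create_access_token(identity=get_jwt_identity())}), 200
    )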