import jwt
import datetime

from typing import Tuple,Optional
from django.conf import settings

from .models import User

from jwt.exceptions import ExpiredSignatureError, DecodeError


def generate_access_token(user: User) -> str:
    role=None
    if user.role is None and user.is_superuser:
        role='Superuser'    
    elif user.role is None and user.is_staff:
        role='Staff'    
    else:
        role=user.role.name
    token_data = {
        'role': role,
        'phone': user.phone,
        'is_active': user.is_active,
        'is_superuser': user.is_superuser,
        'is_staff': user.is_staff,
        'exp': datetime.datetime.utcnow() + datetime.timedelta(minutes=1440),
        'token_type': 'access'
    }
    token = jwt.encode(payload=token_data, key=settings.SECRET_KEY, algorithm='HS256')
    return token


def generate_refresh_token(user: User) -> str:
    token_data = {
        'phone': user.phone,
        'exp': datetime.datetime.utcnow() + datetime.timedelta(weeks=1),
        'token_type': 'refresh'
    }
    token = jwt.encode(payload=token_data, key=settings.SECRET_KEY, algorithm='HS256')
    return token


def creat_tokens(user: User) -> Tuple[str, str]:
    return generate_access_token(user=user)


def verify_token(token: str) -> Optional[User]:
    try:
        decoded_data = jwt.decode(token, settings.SECRET_KEY, algorithms=['HS256'])
        is_valid = decoded_data.get('is_active', False)
        if not is_valid:
            return None

        exp_timestamp = decoded_data.get('exp', None)
        if exp_timestamp and exp_timestamp < datetime.datetime.now(datetime.timezone.utc).timestamp():
            return None

        user = User.objects.get(phone=decoded_data['phone'])
        if not user.is_verified:
            return None
        return user

    except ExpiredSignatureError:
        return None
    except DecodeError:
        return None
    except User.DoesNotExist:
        return None