"""
用户相关路由
提供用户信息更新、密码修改接口
"""
from fastapi import APIRouter, Depends, HTTPException, status
from sqlalchemy.orm import Session

from ..database import get_db
from ..models import User
from ..schemas import UserResponse, UserUpdate, PasswordChange
from ..utils.deps import get_current_user
from ..utils.security import verify_password, get_password_hash

router = APIRouter(prefix="/api/users", tags=["用户"])


@router.put("/profile", response_model=UserResponse)
def update_profile(
    user_data: UserUpdate,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
):
    """
    更新个人信息
    需要认证
    """
    # 更新非空字段
    if user_data.nickname is not None:
        current_user.nickname = user_data.nickname
    
    if user_data.phone is not None:
        # 检查手机号是否已被其他用户使用
        if user_data.phone:
            existing_user = db.query(User).filter(
                User.phone == user_data.phone,
                User.id != current_user.id
            ).first()
            if existing_user:
                raise HTTPException(
                    status_code=status.HTTP_400_BAD_REQUEST,
                    detail="手机号已被使用"
                )
        current_user.phone = user_data.phone
    
    if user_data.avatar is not None:
        current_user.avatar = user_data.avatar
    
    db.commit()
    db.refresh(current_user)
    
    return current_user


@router.put("/password")
def change_password(
    password_data: PasswordChange,
    db: Session = Depends(get_db),
    current_user: User = Depends(get_current_user)
):
    """
    修改密码
    需要认证，旧密码错误返回 400
    """
    # 验证旧密码
    if not verify_password(password_data.old_password, current_user.hashed_password):
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="旧密码错误"
        )
    
    # 更新密码
    current_user.hashed_password = get_password_hash(password_data.new_password)
    db.commit()
    
    return {"message": "密码修改成功"}