app.py

"""
TreeTrack FastAPI Application - Supabase Edition
Clean implementation using Supabase Postgres + Storage
"""

import json
import logging
import time
from datetime import datetime
from typing import Any, Optional, List, Dict

import uvicorn
from fastapi import FastAPI, HTTPException, Request, status, File, UploadFile, Form, Depends
from fastapi.middleware.cors import CORSMiddleware
from fastapi.responses import HTMLResponse, RedirectResponse, Response
from fastapi.staticfiles import StaticFiles
from pydantic import BaseModel, Field, field_validator
import os

# Import our Supabase components
from supabase_database import SupabaseDatabase
from supabase_storage import SupabaseFileStorage
from config import get_settings
from master_tree_database import create_master_tree_database, get_tree_suggestions, get_all_tree_codes
from auth import auth_manager

# Configure logging
logging.basicConfig(
    level=logging.INFO,
    format="%(asctime)s - %(name)s - %(levelname)s - %(message)s",
    handlers=[logging.FileHandler("app.log"), logging.StreamHandler()],
)
logger = logging.getLogger(__name__)

# Log startup
build_time = os.environ.get('BUILD_TIME', 'unknown')
logger.info(f"TreeTrack Supabase Edition starting - Build time: {build_time}")

# Get configuration settings
settings = get_settings()

# Initialize FastAPI app
app = FastAPI(
    title="TreeTrack - Supabase Edition",
    description="Tree mapping and tracking with persistent cloud storage",
    version="3.0.0",
    docs_url="/docs",
    redoc_url="/redoc",
)

# CORS middleware
app.add_middleware(
    CORSMiddleware,
    allow_origins=settings.security.cors_origins,
    allow_credentials=True,
    allow_methods=["GET", "POST", "PUT", "DELETE"],
    allow_headers=["*"],
)

# Serve static files
app.mount("/static", StaticFiles(directory="static"), name="static")

# Initialize Supabase components
db = SupabaseDatabase()
storage = SupabaseFileStorage()

# Authentication models
class LoginRequest(BaseModel):
    username: str
    password: str

class LoginResponse(BaseModel):
    token: str
    user: Dict[str, Any]

class UserInfo(BaseModel):
    username: str
    role: str
    full_name: str
    permissions: List[str]

class DemoLoginResponse(BaseModel):
    token: str
    user: Dict[str, Any]
    is_demo_mode: bool = True

# Helper function for authentication
def get_current_user(request: Request) -> Optional[Dict[str, Any]]:
    """Extract user info from request headers or cookies"""
    # Try Authorization header first (for API calls)
    auth_header = request.headers.get('Authorization')
    if auth_header and auth_header.startswith('Bearer '):
        token = auth_header.split(' ')[1]
        return auth_manager.validate_session(token)
    
    # Try cookie for web page requests
    auth_cookie = request.cookies.get('auth_token')
    if auth_cookie:
        return auth_manager.validate_session(auth_cookie)
    
    return None

def require_auth(request: Request) -> Dict[str, Any]:
    """Dependency that requires authentication"""
    user = get_current_user(request)
    if not user:
        # Server-side auth telemetry for unauthorized access
        try:
            _record_server_telemetry(
                request=request,
                event_type='auth',
                status='unauthorized',
                metadata={
                    'path': str(request.url),
                    'method': request.method,
                    'has_auth_header': bool(request.headers.get('Authorization'))
                },
                user=None
            )
        except Exception:
            pass
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Authentication required",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user

def require_permission(permission: str):
    """Dependency factory for specific permissions"""
    def check_permission(request: Request) -> Dict[str, Any]:
        user = require_auth(request)
        if permission not in user.get('permissions', []):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail=f"Permission '{permission}' required"
            )
        return user
    return check_permission

# Pydantic models (same as before)
class Tree(BaseModel):
    """Complete tree model with all 12 fields"""
    id: int
    latitude: float
    longitude: float
    location_name: Optional[str] = None
    local_name: Optional[str] = None
    scientific_name: Optional[str] = None
    common_name: Optional[str] = None
    tree_code: Optional[str] = None
    height: Optional[float] = None
    width: Optional[float] = None
    utility: Optional[List[str]] = None
    storytelling_text: Optional[str] = None
    storytelling_audio: Optional[str] = None
    phenology_stages: Optional[List[str]] = None
    photographs: Optional[Dict[str, str]] = None
    notes: Optional[str] = None
    created_at: str
    updated_at: Optional[str] = None
    created_by: str = "system"


class TreeCreate(BaseModel):
    """Model for creating new tree records"""
    latitude: float = Field(..., ge=-90, le=90, description="Latitude in decimal degrees")
    longitude: float = Field(..., ge=-180, le=180, description="Longitude in decimal degrees")
    location_name: Optional[str] = Field(None, max_length=200, description="Human-readable location (e.g., landmark)")
    local_name: Optional[str] = Field(None, max_length=200, description="Local Assamese name")
    scientific_name: Optional[str] = Field(None, max_length=200, description="Scientific name")
    common_name: Optional[str] = Field(None, max_length=200, description="Common name")
    tree_code: Optional[str] = Field(None, max_length=20, description="Tree reference code")
    height: Optional[float] = Field(None, gt=0, le=1000, description="Height in feet (ft)")
    width: Optional[float] = Field(None, gt=0, le=200, description="Girth/DBH in feet (ft)")
    utility: Optional[List[str]] = Field(None, description="Ecological/cultural utilities")
    storytelling_text: Optional[str] = Field(None, max_length=5000, description="Stories and narratives")
    storytelling_audio: Optional[str] = Field(None, description="Audio file path")
    phenology_stages: Optional[List[str]] = Field(None, description="Current development stages")
    photographs: Optional[Dict[str, str]] = Field(None, description="Photo categories and paths")
    notes: Optional[str] = Field(None, max_length=2000, description="Additional observations")

    @field_validator("utility", mode='before')
    @classmethod
    def validate_utility(cls, v):
        if isinstance(v, str):
            try:
                v = json.loads(v)
            except json.JSONDecodeError:
                raise ValueError(f"Invalid JSON string for utility: {v}")
        
        if v is not None:
            valid_utilities = [
                "Religious", "Timber", "Biodiversity", "Hydrological benefit", 
                "Faunal interaction", "Food", "Medicine", "Shelter", "Cultural"
            ]
            for item in v:
                if item not in valid_utilities:
                    raise ValueError(f"Invalid utility: {item}")
        return v

    @field_validator("phenology_stages", mode='before')
    @classmethod
    def validate_phenology(cls, v):
        if isinstance(v, str):
            try:
                v = json.loads(v)
            except json.JSONDecodeError:
                raise ValueError(f"Invalid JSON string for phenology_stages: {v}")
        
        if v is not None:
            valid_stages = [
                "New leaves", "Old leaves", "Open flowers", "Fruiting", 
                "Ripe fruit", "Recent fruit drop", "Other"
            ]
            for stage in v:
                if stage not in valid_stages:
                    raise ValueError(f"Invalid phenology stage: {stage}")
        return v

    @field_validator("photographs", mode='before')
    @classmethod
    def validate_photographs(cls, v):
        if isinstance(v, str):
            try:
                v = json.loads(v)
            except json.JSONDecodeError:
                raise ValueError(f"Invalid JSON string for photographs: {v}")
        
        if v is not None:
            valid_categories = ["Leaf", "Bark", "Fruit", "Seed", "Flower", "Full tree"]
            for category in v.keys():
                if category not in valid_categories:
                    raise ValueError(f"Invalid photo category: {category}")
        return v


class TreeUpdate(BaseModel):
    """Model for updating tree records"""
    latitude: Optional[float] = Field(None, ge=-90, le=90)
    longitude: Optional[float] = Field(None, ge=-180, le=180)
    location_name: Optional[str] = Field(None, max_length=200)
    local_name: Optional[str] = Field(None, max_length=200)
    scientific_name: Optional[str] = Field(None, max_length=200)
    common_name: Optional[str] = Field(None, max_length=200)
    tree_code: Optional[str] = Field(None, max_length=20)
    height: Optional[float] = Field(None, gt=0, le=1000)
    width: Optional[float] = Field(None, gt=0, le=200)
    utility: Optional[List[str]] = None
    storytelling_text: Optional[str] = Field(None, max_length=5000)
    storytelling_audio: Optional[str] = None
    phenology_stages: Optional[List[str]] = None
    photographs: Optional[Dict[str, str]] = None
    notes: Optional[str] = Field(None, max_length=2000)


# Application startup
@app.on_event("startup")
async def startup_event():
    """Initialize application"""
    try:
        # Initialize master tree database (always works - local SQLite)
        create_master_tree_database()
        logger.info("Master tree database initialized with 146 species")
        
        # Test Supabase connection (non-blocking)
        try:
            if db.test_connection():
                # Initialize database schema if connection works
                db.initialize_database()
                
                # Log success
                tree_count = db.get_tree_count()
                logger.info(f"TreeTrack Supabase Edition initialized - {tree_count} trees in database")
            else:
                logger.warning("Supabase connection failed - running in limited mode")
                logger.warning("Database operations will fail until Supabase is configured")
        except Exception as db_error:
            logger.error(f"Supabase connection error: {db_error}")
            logger.warning("App starting in limited mode - only master tree database available")
        
        logger.info("TreeTrack application startup complete")
        
    except Exception as e:
        logger.error(f"Critical application startup failed: {e}")
        # Only fail if master database fails (shouldn't happen)
        raise


# Health check
@app.get("/health", tags=["Health"])
async def health_check():
    """Health check endpoint"""
    try:
        connection_ok = db.test_connection()
        tree_count = db.get_tree_count() if connection_ok else 0
        
        # Include environment debug info
        import os
        supabase_url = os.getenv("SUPABASE_URL", "NOT_SET")
        supabase_anon_key = os.getenv("SUPABASE_ANON_KEY", "NOT_SET")
        
        return {
            "status": "healthy" if connection_ok else "limited",
            "database": "connected" if connection_ok else "disconnected", 
            "trees": tree_count,
            "master_database": "available",
            "timestamp": datetime.now().isoformat(),
            "version": "3.0.0",
            "environment": {
                "supabase_url": supabase_url[:50] + "..." if len(supabase_url) > 50 else supabase_url,
                "supabase_anon_key": "SET" if supabase_anon_key != "NOT_SET" else "NOT_SET",
                "port": os.getenv("PORT", "7860")
            }
        }
    except Exception as e:
        logger.error(f"Health check failed: {e}")
        return {
            "status": "unhealthy",
            "error": str(e),
            "timestamp": datetime.now().isoformat(),
        }


# Authentication routes
@app.post("/api/auth/login", response_model=LoginResponse, tags=["Authentication"])
async def login(login_data: LoginRequest, response: Response):
    """Authenticate user and create session"""
    result = auth_manager.authenticate(login_data.username, login_data.password)
    if not result:
        # Telemetry: login failure
        try:
            # Construct a minimal request-like object for _record_server_telemetry if needed
            from fastapi import Request as _Req
        except Exception:
            pass
        # We have the real request inside FastAPI dependency; emulate via middleware not needed here
        # Instead, log via logger for this path
        # Note: We cannot access Request here directly, so we skip client context
        # Use file-based fallback
        _write_telemetry({
            'event_type': 'auth',
            'status': 'login_failed',
            'metadata': {'username': login_data.username},
            'timestamp': datetime.now().isoformat()
        })
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid username or password"
        )
    
    # Set authentication cookie for web page requests
    response.set_cookie(
        key="auth_token",
        value=result["token"],
        max_age=8*60*60,  # 8 hours (same as session timeout)
        httponly=True,    # Prevent JavaScript access for security
        secure=True,      # HTTPS required for HuggingFace Spaces
        samesite="lax"    # CSRF protection
    )
    
    # Telemetry: login success (server-side)
    try:
        # We cannot access Request here directly; emit without client metadata
        _write_telemetry({
            'event_type': 'auth',
            'status': 'login_success',
            'metadata': {'username': login_data.username},
            'timestamp': datetime.now().isoformat(),
            'user': {'username': result['user']['username'], 'role': result['user']['role']}
        })
    except Exception:
        pass
    return result


@app.get("/api/auth/validate", tags=["Authentication"])
async def validate_session(user: Dict[str, Any] = Depends(require_auth)):
    """Validate current session"""
    return {
        "valid": True,
        "user": user
    }

@app.post("/api/auth/logout", tags=["Authentication"])
async def logout(request: Request, response: Response):
    """Logout user and invalidate session"""
    # Get token from header or cookie
    token = None
    auth_header = request.headers.get('Authorization')
    if auth_header and auth_header.startswith('Bearer '):
        token = auth_header.split(' ')[1]
    else:
        token = request.cookies.get('auth_token')
    
    if token:
        # Telemetry: logout server-side
        try:
            session = auth_manager.validate_session(token)
            _record_server_telemetry(
                request=request,
                event_type='auth',
                status='logout',
                metadata={'path': str(request.url)},
                user=session or None
            )
        except Exception:
            pass
        auth_manager.logout(token)
    
    # Clear the authentication cookie (must match creation parameters)
    response.delete_cookie(
        key="auth_token",
        secure=True,
        samesite="lax"
    )
    
    return {"message": "Logged out successfully"}

@app.get("/api/auth/user", response_model=UserInfo, tags=["Authentication"])
async def get_user_info(user: Dict[str, Any] = Depends(require_auth)):
    """Get current user information"""
    return UserInfo(
        username=user["username"],
        role=user["role"],
        full_name=user["full_name"],
        permissions=user["permissions"]
    )

# Frontend routes
@app.get("/welcome", response_class=HTMLResponse, tags=["Frontend"])
async def serve_welcome(request: Request):
    """Serve the demo welcome screen for authenticated users"""
    user = get_current_user(request)
    if not user:
        return RedirectResponse(url="/login")
        
    try:
        with open("static/welcome.html", encoding="utf-8") as f:
            content = f.read()
        return HTMLResponse(content=content)
    except FileNotFoundError:
        logger.error("welcome.html not found")
        raise HTTPException(status_code=404, detail="Welcome page not found")

@app.get("/login", response_class=HTMLResponse, tags=["Frontend"])
async def serve_login():
    """Serve the login page"""
    try:
        with open("static/login.html", encoding="utf-8") as f:
            content = f.read()
        return HTMLResponse(content=content)
    except FileNotFoundError:
        logger.error("login.html not found")
        raise HTTPException(status_code=404, detail="Login page not found")

@app.get("/", response_class=HTMLResponse, tags=["Frontend"])
async def read_root(request: Request):
    """Serve main app or redirect based on user type"""
    user = get_current_user(request)
    
    # No user? Redirect to login
    if not user:
        return RedirectResponse(url="/login")
    
    # Demo users see welcome screen after login
    if user.get('role') == 'demo_user':
        return RedirectResponse(url="/welcome")
    
    # Regular authenticated users get the app directly
    try:
        with open("static/index.html", encoding="utf-8") as f:
            content = f.read()
        return HTMLResponse(content=content)
    except FileNotFoundError:
        raise HTTPException(status_code=404, detail="App not found")

@app.get("/form", response_class=HTMLResponse, tags=["Frontend"])
async def serve_form(request: Request):
    """Direct access to form for demo users"""
    user = get_current_user(request)
    if not user:
        return RedirectResponse(url="/login")
    
    try:
        with open("static/index.html", encoding="utf-8") as f:
            content = f.read()
        return HTMLResponse(content=content)
    except FileNotFoundError:
        raise HTTPException(status_code=404, detail="Form not found")

@app.get("/map", response_class=HTMLResponse, tags=["Frontend"])
async def serve_map(request: Request):
    """Serve the map page with auth check"""
    # Check if user is authenticated
    user = get_current_user(request)
    
    # Redirect to login if not authenticated
    if not user:
        return RedirectResponse(url="/login")
    
    return RedirectResponse(url="/static/map.html")

@app.get("/contributors", response_class=HTMLResponse, tags=["Frontend"])
async def serve_contributors(request: Request):
    """Serve the contributors page with auth check"""
    user = get_current_user(request)
    if not user:
        return RedirectResponse(url="/login")
    
    try:
        with open("static/contributors.html", encoding="utf-8") as f:
            content = f.read()
        return HTMLResponse(content=content)
    except FileNotFoundError:
        logger.error("contributors.html not found")
        raise HTTPException(status_code=404, detail="Contributors page not found")

@app.get("/api/dashboard/stats", tags=["Dashboard"])
async def get_dashboard_stats(user: Dict[str, Any] = Depends(require_auth)):
    """Get dashboard statistics"""
    try:
        # Get basic tree statistics
        total_trees = db.get_tree_count()  # Remove await - method is not async
        
        # Get unique species count
        trees = await db.get_trees(limit=10000, offset=0)  # Get all for counting
        unique_species = set()
        for tree in trees:
            if hasattr(tree, 'scientific_name') and tree.scientific_name:
                unique_species.add(tree.scientific_name)
            elif hasattr(tree, 'common_name') and tree.common_name:
                unique_species.add(tree.common_name)
        
        # Get last update time
        last_updated = None
        if trees:
            last_updated = max(tree.updated_at or tree.created_at for tree in trees)
        
        return {
            "totalTrees": total_trees,
            "totalSpecies": len(unique_species),
            "totalUsers": 4,  # Static count for now
            "lastUpdated": last_updated
        }
    except Exception as e:
        logger.error(f"Error getting dashboard stats: {e}")
        # Return basic fallback stats
        return {
            "totalTrees": 0,
            "totalSpecies": 0,
            "totalUsers": 4,
            "lastUpdated": None
        }


# Tree CRUD Operations
@app.get("/api/trees", response_model=List[Tree], tags=["Trees"])
async def get_trees(
    limit: int = 100,
    offset: int = 0,
    species: str = None,
    health_status: str = None,
    user: Dict[str, Any] = Depends(require_auth)
):
    """Get trees with pagination and filters"""
    if limit < 1 or limit > settings.server.max_trees_per_request:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail=f"Limit must be between 1 and {settings.server.max_trees_per_request}",
        )
    if offset < 0:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Offset must be non-negative",
        )
    
    try:
        trees = await db.get_trees(limit=limit, offset=offset, species=species, health_status=health_status)
        
        # For map performance: Skip image processing for bulk tree requests
        # Images are not needed for map markers and clustering
        return trees
        
    except RuntimeError as e:
        if "Database not connected" in str(e):
            raise HTTPException(status_code=503, detail="Database not configured")
        raise HTTPException(status_code=500, detail="Database error")
    except Exception as e:
        logger.error(f"Error retrieving trees: {e}")
        raise HTTPException(status_code=500, detail="Failed to retrieve trees")


@app.post("/api/trees", response_model=Tree, status_code=status.HTTP_201_CREATED, tags=["Trees"])
async def create_tree(tree: TreeCreate, user: Dict[str, Any] = Depends(require_auth)):
    """Create a new tree record (demo mode aware)"""
    try:
        # Check if user is in demo mode (conference participant)
        is_demo_user = "demo_interact" in user.get("permissions", [])
        
        if is_demo_user:
            # Demo mode: Return mock success response without saving
            tree_data = tree.model_dump(exclude_unset=True)
            tree_data['created_by'] = user['username']
            
            # Create a mock tree response
            mock_tree = {
                "id": 9999,  # Mock ID
                "created_at": datetime.now().isoformat(),
                "updated_at": datetime.now().isoformat(),
                **tree_data
            }
            
            logger.info(f"Demo mode: Mock tree creation for conference participant")
            return mock_tree
        
        # Check write permission for regular users
        if "write" not in user.get("permissions", []):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Insufficient permissions to create trees"
            )
        
        # Convert to dict for database insertion
        tree_data = tree.model_dump(exclude_unset=True)
        
        # Add created_by field
        tree_data['created_by'] = user['username']
        
        # Create tree in database
        created_tree = await db.create_tree(tree_data)
        
        # Process files and return with URLs
        processed_tree = storage.process_tree_files(created_tree)
        
        logger.info(f"Created tree with ID: {created_tree.get('id')}")
        return processed_tree
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error creating tree: {e}")
        raise HTTPException(status_code=500, detail="Failed to create tree")


@app.get("/api/trees/{tree_id}", response_model=Tree, tags=["Trees"])
async def get_tree(tree_id: int, user: Dict[str, Any] = Depends(require_auth)):
    """Get a specific tree by ID"""
    try:
        tree = await db.get_tree(tree_id)
        
        if tree is None:
            raise HTTPException(
                status_code=status.HTTP_404_NOT_FOUND,
                detail=f"Tree with ID {tree_id} not found",
            )
        
        # Process files and return with URLs
        processed_tree = storage.process_tree_files(tree)
        return processed_tree
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error retrieving tree {tree_id}: {e}")
        raise HTTPException(status_code=500, detail="Failed to retrieve tree")


@app.put("/api/trees/{tree_id}", response_model=Tree, tags=["Trees"])
async def update_tree(tree_id: int, tree_update: TreeUpdate, request: Request):
    """Update a tree record"""
    try:
        # Get current user
        user = require_auth(request)
        
        # Get existing tree to check permissions
        existing_tree = await db.get_tree(tree_id)
        if not existing_tree:
            raise HTTPException(
                status_code=status.HTTP_404_NOT_FOUND,
                detail=f"Tree with ID {tree_id} not found",
            )
        
        # Get token from header or cookie for permission checking
        token = None
        auth_header = request.headers.get('Authorization', '')
        if auth_header.startswith('Bearer '):
            token = auth_header.split(' ')[1]
        else:
            token = request.cookies.get('auth_token')
        
        if not token or not auth_manager.can_edit_tree(token, existing_tree.get('created_by', '')):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You don't have permission to edit this tree",
            )
        
        # Convert to dict for database update
        update_data = tree_update.model_dump(exclude_unset=True)
        
        if not update_data:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="No update data provided",
            )
        
        # Update tree in database
        logger.info(f"Updating tree {tree_id} with fields: {list(update_data.keys())}")
        updated_tree = await db.update_tree(tree_id, update_data)
        
        # Process files and return with URLs
        processed_tree = storage.process_tree_files(updated_tree)
        
        logger.info(f"Updated tree with ID: {tree_id}")
        return processed_tree
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error updating tree {tree_id}: {e}")
        raise HTTPException(status_code=500, detail="Failed to update tree")


@app.delete("/api/trees/{tree_id}", tags=["Trees"])
async def delete_tree(tree_id: int, request: Request):
    """Delete a tree record"""
    try:
        # Get current user
        user = require_auth(request)
        
        # Get tree data first to clean up files
        tree = await db.get_tree(tree_id)
        
        if tree is None:
            raise HTTPException(
                status_code=status.HTTP_404_NOT_FOUND,
                detail=f"Tree with ID {tree_id} not found",
            )
        
        # Get token from header or cookie for permission checking
        token = None
        auth_header = request.headers.get('Authorization', '')
        if auth_header.startswith('Bearer '):
            token = auth_header.split(' ')[1]
        else:
            token = request.cookies.get('auth_token')
        
        if not token or not auth_manager.can_delete_tree(token, tree.get('created_by', '')):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="You don't have permission to delete this tree",
            )
        
        # Delete tree from database
        await db.delete_tree(tree_id)
        
        # Clean up associated files
        try:
            if tree.get('photographs'):
                for file_path in tree['photographs'].values():
                    if file_path:
                        storage.delete_image(file_path)
            
            if tree.get('storytelling_audio'):
                storage.delete_audio(tree['storytelling_audio'])
        except Exception as e:
            logger.warning(f"Failed to clean up files for tree {tree_id}: {e}")
        
        logger.info(f"Deleted tree with ID: {tree_id}")
        return {"message": f"Tree {tree_id} deleted successfully"}
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error deleting tree {tree_id}: {e}")
        raise HTTPException(status_code=500, detail="Failed to delete tree")


# File Upload Endpoints
@app.post("/api/upload/image", tags=["Files"])
async def upload_image(
    file: UploadFile = File(...),
    category: str = Form(...),
    user: Dict[str, Any] = Depends(require_auth)
):
    """Upload an image file with cloud persistence (demo mode aware)"""
    # Validate file type
    if not file.content_type or not file.content_type.startswith('image/'):
        raise HTTPException(status_code=400, detail="File must be an image")
    
    # Validate category
    valid_categories = ["Leaf", "Bark", "Fruit", "Seed", "Flower", "Full tree"]
    if category not in valid_categories:
        raise HTTPException(
            status_code=400,
            detail=f"Category must be one of: {valid_categories}"
        )
    
    try:
        # Check if user is in demo mode
        is_demo_user = "demo_interact" in user.get("permissions", [])
        
        if is_demo_user:
            # Demo mode: Return mock success without uploading
            await file.read()  # Consume the file to prevent issues
            
            logger.info(f"Demo mode: Mock image upload for conference participant")
            
            return {
                "filename": f"demo_{file.filename}",
                "category": category,
                "size": 0,
                "content_type": file.content_type,
                "bucket": "demo-bucket",
                "success": True
            }
        
        # Check write permission for regular users
        if "write" not in user.get("permissions", []):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Insufficient permissions to upload files"
            )
        
        # Read file content
        content = await file.read()
        
        # Upload to Supabase Storage
        result = storage.upload_image(content, file.filename, category)
        
        logger.info(f"Image uploaded successfully: {result['filename']}")
        
        return {
            "filename": result['filename'],
            "category": category,
            "size": result['size'],
            "content_type": file.content_type,
            "bucket": result['bucket'],
            "success": True
        }
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error uploading image: {e}")
        raise HTTPException(status_code=500, detail=str(e))


@app.post("/api/upload/audio", tags=["Files"])
async def upload_audio(file: UploadFile = File(...), user: Dict[str, Any] = Depends(require_auth)):
    """Upload an audio file with cloud persistence (demo mode aware)"""
    # Validate file type
    if not file.content_type or not file.content_type.startswith('audio/'):
        raise HTTPException(status_code=400, detail="File must be an audio file")
    
    try:
        # Check if user is in demo mode
        is_demo_user = "demo_interact" in user.get("permissions", [])
        
        if is_demo_user:
            # Demo mode: Return mock success without uploading
            await file.read()  # Consume the file to prevent issues
            
            logger.info(f"Demo mode: Mock audio upload for conference participant")
            
            return {
                "filename": f"demo_{file.filename}",
                "size": 0,
                "content_type": file.content_type,
                "bucket": "demo-bucket",
                "success": True
            }
        
        # Check write permission for regular users
        if "write" not in user.get("permissions", []):
            raise HTTPException(
                status_code=status.HTTP_403_FORBIDDEN,
                detail="Insufficient permissions to upload files"
            )
        
        # Read file content
        content = await file.read()
        
        # Upload to Supabase Storage
        result = storage.upload_audio(content, file.filename)
        
        logger.info(f"Audio uploaded successfully: {result['filename']}")
        
        return {
            "filename": result['filename'],
            "size": result['size'],
            "content_type": file.content_type,
            "bucket": result['bucket'],
            "success": True
        }
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Error uploading audio: {e}")
        raise HTTPException(status_code=500, detail=str(e))


# File serving - generate signed URLs on demand
@app.get("/api/files/image/{file_path:path}", tags=["Files"])
async def get_image(file_path: str):
    """Get signed URL for image file"""
    try:
        signed_url = storage.get_image_url(file_path, expires_in=3600)  # 1 hour
        return RedirectResponse(url=signed_url)
    except Exception as e:
        logger.error(f"Error getting image URL: {e}")
        raise HTTPException(status_code=404, detail="Image not found")


@app.get("/api/files/audio/{file_path:path}", tags=["Files"])
async def get_audio(file_path: str):
    """Get signed URL for audio file"""
    try:
        signed_url = storage.get_audio_url(file_path, expires_in=3600)  # 1 hour
        return RedirectResponse(url=signed_url)
    except Exception as e:
        logger.error(f"Error getting audio URL: {e}")
        raise HTTPException(status_code=404, detail="Audio not found")


# Utility endpoints
@app.get("/api/utilities", tags=["Data"])
async def get_utilities():
    """Get list of valid utility options"""
    return {
        "utilities": [
            "Religious", "Timber", "Biodiversity", "Hydrological benefit", 
            "Faunal interaction", "Food", "Medicine", "Shelter", "Cultural"
        ]
    }


@app.get("/api/phenology-stages", tags=["Data"])
async def get_phenology_stages():
    """Get list of valid phenology stages"""
    return {
        "stages": [
            "New leaves", "Old leaves", "Open flowers", "Fruiting", 
            "Ripe fruit", "Recent fruit drop", "Other"
        ]
    }


@app.get("/api/photo-categories", tags=["Data"])
async def get_photo_categories():
    """Get list of valid photo categories"""
    return {
        "categories": ["Leaf", "Bark", "Fruit", "Seed", "Flower", "Full tree"]
    }


# Statistics
@app.get("/api/stats", tags=["Statistics"])
async def get_stats():
    """Get comprehensive tree statistics"""
    try:
        total_trees = db.get_tree_count()
        species_distribution = db.get_species_distribution(limit=20)
        health_distribution = db.get_health_distribution()  # Will be empty for now
        measurements = db.get_average_measurements()
        
        return {
            "total_trees": total_trees,
            "species_distribution": species_distribution,
            "health_distribution": health_distribution,
            "average_height_ft": measurements["average_height"],
            "average_girth_ft": measurements["average_diameter"],
            "units": {"height": "ft", "girth": "ft"},
            "last_updated": datetime.now().isoformat(),
        }
        
    except Exception as e:
        logger.error(f"Error retrieving statistics: {e}")
        raise HTTPException(status_code=500, detail="Failed to retrieve statistics")


# Master tree database suggestions
@app.get("/api/tree-suggestions", tags=["Data"])
async def get_tree_suggestions_api(query: str = "", limit: int = 10):
    """Get auto-suggestions for tree names from master database"""
    if not query or len(query.strip()) == 0:
        return {"suggestions": []}
    
    try:
        create_master_tree_database()
        suggestions = get_tree_suggestions(query.strip(), limit)
        
        return {
            "query": query,
            "suggestions": suggestions,
            "count": len(suggestions)
        }
        
    except Exception as e:
        logger.error(f"Error getting tree suggestions: {e}")
        return {"suggestions": [], "error": str(e)}


@app.get("/api/tree-codes", tags=["Data"])
async def get_tree_codes_api():
    """Get all available tree codes from master database"""
    try:
        create_master_tree_database()
        tree_codes = get_all_tree_codes()
        
        return {
            "tree_codes": tree_codes,
            "count": len(tree_codes)
        }
        
    except Exception as e:
        logger.error(f"Error getting tree codes: {e}")
        return {"tree_codes": [], "error": str(e)}


# Telemetry logging
# Internal helper to record server-side telemetry without requiring client call

def _record_server_telemetry(request: Request, event_type: str, status: str = None, metadata: Dict[str, Any] = None, user: Dict[str, Any] = None):
    evt = {
        'event_type': event_type,
        'status': status,
        'metadata': metadata or {},
        'timestamp': datetime.now().isoformat(),
        'user': None,
        'client': {
            'ip': request.client.host if request.client else None,
            'user_agent': request.headers.get('user-agent')
        }
    }
    if user:
        evt['user'] = { 'username': user.get('username'), 'role': user.get('role') }
    if getattr(db, 'connected', False):
        if not db.log_telemetry(evt):
            _write_telemetry(evt)
    else:
        _write_telemetry(evt)

class TelemetryEvent(BaseModel):
    event_type: str = Field(..., description="Type of event, e.g., 'upload', 'ui', 'error'")
    status: Optional[str] = Field(None, description="Status such as success/error")
    metadata: Optional[Dict[str, Any]] = Field(default_factory=dict)
    timestamp: Optional[str] = Field(default=None)


def _write_telemetry(event: Dict[str, Any]):
    try:
        # Ensure timestamp
        if 'timestamp' not in event or not event['timestamp']:
            event['timestamp'] = datetime.now().isoformat()
        # Append as JSON line
        with open("telemetry.log", "a", encoding="utf-8") as f:
            f.write(json.dumps(event) + "\n")
    except Exception as e:
        logger.warning(f"Failed to write telemetry: {e}")


@app.post("/api/telemetry", tags=["System"])
async def telemetry(event: TelemetryEvent, request: Request, user: Dict[str, Any] = Depends(require_auth)):
    """Accept telemetry/observability events from the client for troubleshooting."""
    try:
        evt = event.model_dump()
        # Enrich with user and request context
        evt['user'] = {
            "username": user.get("username"),
            "role": user.get("role")
        }
        evt['client'] = {
            "ip": request.client.host if request.client else None,
            "user_agent": request.headers.get('user-agent')
        }
        # Prefer Supabase persistent storage; fallback to file if not configured
        if getattr(db, 'connected', False):
            ok = db.log_telemetry(evt)
            if ok:
                logger.info(f"Telemetry stored: {evt.get('event_type')} status={evt.get('status')}")
            else:
                logger.warning("Telemetry DB insert failed, writing to file")
                _write_telemetry(evt)
        else:
            logger.info("DB not connected, writing telemetry to file")
            _write_telemetry(evt)
        return {"ok": True}
    except Exception as e:
        logger.error(f"Telemetry error: {e}")
        raise HTTPException(status_code=500, detail="Failed to record telemetry")


# Telemetry query (admin-only)
@app.get("/api/telemetry", tags=["System"])
async def get_telemetry(limit: int = 100, user: Dict[str, Any] = Depends(require_permission("admin"))):
    """Return recent telemetry events. Uses Supabase if connected, else reads telemetry.log."""
    limit = max(1, min(1000, limit))
    try:
        if getattr(db, 'connected', False):
            events = db.get_recent_telemetry(limit)
            # Normalize shape to always include evt.user = {username, role}
            norm_events: List[Dict[str, Any]] = []
            for e in (events or []):
                if 'user' not in e or not e.get('user'):
                    username = e.get('username')
                    role = e.get('role')
                    if username or role:
                        e = {**e, 'user': {'username': username, 'role': role}}
                norm_events.append(e)
            return {"events": norm_events, "source": "supabase", "count": len(norm_events)}
        # Fallback to file
        events: List[Dict[str, Any]] = []
        try:
            with open("telemetry.log", "r", encoding="utf-8") as f:
                lines = f.readlines()
                for line in lines[-limit:]:
                    line = line.strip()
                    if not line:
                        continue
                    try:
                        events.append(json.loads(line))
                    except Exception:
                        continue
        except FileNotFoundError:
            events = []
        return {"events": events, "source": "file", "count": len(events)}
    except Exception as e:
        logger.error(f"Get telemetry failed: {e}")
        raise HTTPException(status_code=500, detail="Failed to fetch telemetry")

# Version info
@app.get("/api/version", tags=["System"])
async def get_version():
    """Get current application version"""
    return {
        "version": "3.0.0",
        "backend": "supabase",
        "database": "postgres",
        "storage": "supabase-storage",
        "timestamp": int(time.time()),
        "build": build_time,
        "server_time": datetime.now().isoformat()
    }


if __name__ == "__main__":
    uvicorn.run(
        "app:app", host="127.0.0.1", port=8000, reload=True, log_level="info"
    )