from flask import Flask, render_template, request, redirect, url_for, flash, session
from werkzeug.security import generate_password_hash, check_password_hash
import json
import os

app = Flask(__name__)
app.secret_key = os.environ.get("FLASK_SECRET", "please-change-this-secret")  # change in production

DB_PATH = os.path.join(os.getcwd(), "arshdb")  # file named exactly "arshdb" in project root

# Ensure DB file exists and is valid JSON array
def ensure_db():
    if not os.path.exists(DB_PATH):
        with open(DB_PATH, "w") as f:
            json.dump([], f)

def load_db():
    ensure_db()
    with open(DB_PATH, "r") as f:
        try:
            data = json.load(f)
            if not isinstance(data, list):
                # Reset to empty list if corrupted
                return []
            return data
        except json.JSONDecodeError:
            return []

def save_db(users):
    # users should be a list
    with open(DB_PATH, "w") as f:
        json.dump(users, f, indent=2)

@app.route("/")
def index():
    # show login page by default
    return redirect(url_for("login"))

@app.route("/login", methods=["GET", "POST"])
def login():
    if request.method == "POST":
        email = request.form.get("email", "").strip().lower()
        password = request.form.get("password", "")

        users = load_db()
        user = next((u for u in users if u.get("email") == email), None)
        if user and check_password_hash(user.get("password_hash", ""), password):
            # login success
            session["user"] = {"username": user.get("username"), "email": user.get("email")}
            flash("Logged in successfully.", "success")
            # Redirect to external page as requested
            return redirect("https://imarshbir.github.io/")
        else:
            flash("Invalid email or password.", "danger")
            return render_template("login.html", email=email)
    else:
        return render_template("login.html")

@app.route("/register", methods=["GET", "POST"])
def register():
    if request.method == "POST":
        username = request.form.get("username", "").strip()
        email = request.form.get("email", "").strip().lower()
        password = request.form.get("password", "")

        if not username or not email or not password:
            flash("Please fill out all fields.", "warning")
            return render_template("register.html", username=username, email=email)

        users = load_db()
        if any(u for u in users if u.get("email") == email):
            flash("Email already registered. Try logging in.", "warning")
            return render_template("register.html", username=username, email=email)

        if any(u for u in users if u.get("username").lower() == username.lower()):
            flash("Username already taken. Choose another.", "warning")
            return render_template("register.html", username=username, email=email)

        password_hash = generate_password_hash(password)
        new_user = {
            "username": username,
            "email": email,
            "password_hash": password_hash
        }
        users.append(new_user)
        save_db(users)
        flash("Registration successful. You can now log in.", "success")
        return redirect(url_for("login"))

    return render_template("register.html")

@app.route("/logout")
def logout():
    session.pop("user", None)
    flash("Logged out.", "info")
    return redirect(url_for("login"))

# Basic health check (optional)
@app.route("/ping")
def ping():
    return "pong", 200

if __name__ == "__main__":
    # for local testing
    app.run(host="0.0.0.0", port=7860, debug=True)