import uvicorn
from fastapi import FastAPI, Depends
from fastapi.responses import RedirectResponse
from app.auth.cognito import initiate_auth
from app.auth.dependencies import get_current_user, require_roles
from app.models.auth import CognitoUser, SigninRequest, TokenResponse

app = FastAPI()

@app.get("/")
async def root():
    return {"message": "IPTV Updater API"}

@app.post("/signin", response_model=TokenResponse, summary="Signin Endpoint")
def signin(credentials: SigninRequest):
    """
    Sign-in endpoint to authenticate the user with AWS Cognito using username and password.
    On success, returns JWT tokens (access_token, id_token, refresh_token).
    """
    auth_result = initiate_auth(credentials.username, credentials.password)
    return TokenResponse(
        access_token=auth_result["AccessToken"],
        id_token=auth_result["IdToken"],
        refresh_token=auth_result.get("RefreshToken"),
        token_type="Bearer",
    )

@app.get("/protected")
async def protected_route(user: CognitoUser = Depends(get_current_user)):
    """
    Protected endpoint that requires for all authenticated users.
    If the user is authenticates, returns success message.
    """
    return {"message": f"Hello {user.username}, you have access to support resources!"}

@app.get("/protected_admin", summary="Protected endpoint for Admin role")
@require_roles("admin")
def protected_admin_endpoint(user: CognitoUser = Depends(get_current_user)):
    """
    Protected endpoint that requires the 'admin' role.
    If the user has 'admin' role, returns success message.
    """
    return {"message": f"Hello {user.username}, you have admin privileges!"}