from django.shortcuts import render, redirect, get_object_or_404
from django.contrib.auth import authenticate, login, logout
from django.contrib.auth.decorators import login_required
from django.contrib import messages
from django.db import transaction
from alumni.models import (
    User
)
import jwt
from django.conf import settings
from datetime import datetime, timedelta


def login_view(request):
    if request.method == 'POST':
        email = request.POST.get('email')
        password = request.POST.get('password')

        # user = authenticate(request, email=email, password=password)
        user = authenticate(request, username=email, password=password)


        if user is not None:
            login(request, user)

            # Role-based redirect
            if user.role == 'ADMIN':
                return redirect('alumni:admin_dashboard')  # Admin Dashboard
            elif user.role == 'ALUMNI':
                return redirect('alumni:dashboard')        # Alumni Dashboard
            elif user.role == 'SECRETARIAT':
                return redirect('alumni:manage_events')    # Secretariat Dashboard
            else:
                messages.info(request, 'You are not linked to any role')
                return redirect('alumni:login')  # fallback

        else:
            messages.error(request, "Invalid credentials")

    return render(request, 'alumni/login.html')

@login_required
def logout_view(request):
    logout(request)
    return redirect('alumni:login')



def generate_sso_token(user):
    payload = {
        'user_id': user.id,
        'email': user.email,
        'exp': datetime.utcnow() + timedelta(minutes=5)
    }

    token = jwt.encode(payload, settings.SSO_SECRET_KEY, algorithm='HS256')
    return token
    
    
    
def redirect_to_doc_system(request):
    token = generate_sso_token(request.user)
    # return redirect(f"https://niftyportal.ngsims.com/sso-login/?token={token}")
    return redirect(f"http://niftyportal.ngsims.com/sso-login/?token={token}")