from __future__ import annotations

from fastapi import APIRouter, Depends, Query
from sqlalchemy.orm import Session

from app.api.v1.schemas import AuditLogItemResponse, AuditLogListResponse
from app.auth.dependencies import ApiPrincipal, require_scope
from app.db.models import AuditLog
from app.db.session import get_session

router = APIRouter(prefix="/audit", tags=["audit"])


@router.get("", response_model=AuditLogListResponse)
def list_audit_log(
    limit: int = Query(default=100, ge=1, le=500),
    offset: int = Query(default=0, ge=0),
    action: str | None = None,
    object_type: str | None = None,
    object_id: str | None = None,
    session: Session = Depends(get_session),
    principal: ApiPrincipal = Depends(require_scope("audit:read")),
):
    query = session.query(AuditLog).filter(AuditLog.tenant_id == principal.tenant_id)
    if action:
        query = query.filter(AuditLog.action == action)
    if object_type:
        query = query.filter(AuditLog.object_type == object_type)
    if object_id:
        query = query.filter(AuditLog.object_id == object_id)
    items = query.order_by(AuditLog.created_at.desc()).offset(offset).limit(limit).all()
    return AuditLogListResponse(items=[AuditLogItemResponse.model_validate(item) for item in items])