from __future__ import annotations

from fastapi import APIRouter, Depends
from sqlalchemy.orm import Session

from app.api.v1.schemas import ApiKeyCreateRequest, ApiKeyCreateResponse
from app.auth.dependencies import ApiPrincipal, require_scope
from app.audit.logging import audit_from_principal
from app.db.session import get_session
from app.security.api_keys import create_api_key

router = APIRouter(prefix="/admin", tags=["admin"])


@router.post("/api-keys", response_model=ApiKeyCreateResponse)
def create_personal_api_key(
    payload: ApiKeyCreateRequest,
    session: Session = Depends(get_session),
    principal: ApiPrincipal = Depends(require_scope("admin:settings")),
):
    created = create_api_key(session, user=principal.user, name=payload.name, scopes=payload.scopes or ["campaign:read"])
    audit_from_principal(
        session,
        principal,
        action="api_key.created",
        object_type="api_key",
        object_id=created.model.id,
        details={"name": created.model.name, "prefix": created.model.prefix, "scopes": created.model.scopes},
        commit=True,
    )
    return ApiKeyCreateResponse(
        id=created.model.id,
        name=created.model.name,
        prefix=created.model.prefix,
        scopes=created.model.scopes,
        secret=created.secret,
    )