"""
cameras_api.py

Purpose:
  JSON APIs for camera CRUD and metadata retrieval used by the selection page.

Routes:
  - GET /api/kamere
  - POST /api/kamere/add
  - POST /api/kamere/rename
  - POST /api/kamere/delete
"""

from flask import Blueprint, jsonify, request, session
import sqlite3
from .db import get_db
from .security import login_required
from .paths import STATIC_PATH
from .images_service import latest_from_db_or_fs
from .helpers import format_dt
from .assets import _static_exists
from .security_enhancements import validate_api_input


# Blueprint that carries the camera JSON endpoints defined in this module;
# each handler below is attached to it with @bp.route.
bp = Blueprint('cameras_api', __name__)


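@bp.route('/api/kamere')
@login_required
def api_cameras():
    """Return the logged-in user's cameras as JSON.

    The body is ``{'cameras': [...]}``; each entry has ``camera_id``,
    ``camera_name``, ``last_active``, ``thumbnail_url`` and ``model``.
    Rows are restricted to ``session['user_id']`` and the response is
    marked non-cacheable.
    """
    db = get_db()
    # The `model` column is optional, so inspect the live schema and select it
    # only when it exists (column name is field 1 of each table_info row).
    column_names = {row[1] for row in db.execute('PRAGMA table_info(cameras)').fetchall()}
    has_model = 'model' in column_names
    # Only fixed literals are interpolated into the SQL text below; the
    # per-user value is bound as a parameter, never formatted in.
    select_fields = 'camera_id, camera_name, file_paths' + (', model' if has_model else '')
    cur = db.execute(f'SELECT {select_fields} FROM cameras WHERE user_id = ? ORDER BY camera_name COLLATE NOCASE', (session['user_id'],))
    # The thumbnail is the same for every camera, so resolve it once instead
    # of calling _static_exists for each row.
    thumb_url = '/static/camera_render.png' if _static_exists('camera_render.png') else '/static/webicon180x180.png'
    rows = []
    for r in cur.fetchall():
        cam_id = str(r['camera_id'])
        latest_dt, _ = latest_from_db_or_fs(cam_id, r['file_paths'] or '', STATIC_PATH)
        # Fall back to the default model when the column is absent or empty.
        model = (r['model'] if has_model else None) or 'Vision mini'
        rows.append({
            'camera_id': cam_id,
            'camera_name': r['camera_name'],
            'last_active': format_dt(latest_dt) if latest_dt else 'Nema aktivnosti',
            'thumbnail_url': thumb_url,
            'model': model
        })
    resp = jsonify({'cameras': rows})
    # Per-user data: tell browsers and intermediaries not to store or reuse it.
    resp.headers['Cache-Control'] = 'no-store, no-cache, must-revalidate, max-age=0'
    resp.headers['Pragma'] = 'no-cache'
    return resp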


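@bp.route('/api/kamere/add', methods=['POST'])
@login_required
def api_add_camera():
    """Register a camera for the logged-in user.

    Expects a JSON body with ``camera_id`` (exactly 12 ASCII digits) and
    ``camera_name`` (non-empty, at most 100 characters per the schema).

    Returns ``{'success': True}`` on success, otherwise
    ``{'success': False, 'message': ...}`` with status 400 (invalid input),
    409 (the user already has this camera) or 500 (database error).
    """
    data = request.get_json(silent=True) or {}

    # Type, length and presence checks are delegated to validate_api_input.
    schema = {
        'camera_id': {'type': str, 'max_length': 12, 'required': True},
        'camera_name': {'type': str, 'max_length': 100, 'required': True}
    }
    valid, error_msg, validated_data = validate_api_input(data, schema)
    if not valid:
        return jsonify({'success': False, 'message': error_msg}), 400

    camera_id = validated_data['camera_id'].strip()
    camera_name = validated_data['camera_name'].strip()

    # str.isdigit() alone also accepts non-ASCII digit characters (superscripts,
    # other scripts' numerals), so require ASCII as well: the stored ID must be
    # exactly twelve characters from 0-9.
    if not (camera_id.isascii() and camera_id.isdigit() and len(camera_id) == 12):
        return jsonify({'success': False, 'message': 'Broj kamere mora imati točno 12 znamenki.'}), 400
    if not camera_name:
        return jsonify({'success': False, 'message': 'Ime kamere je obavezno.'}), 400
    db = get_db()
    # NOTE(review): the duplicate check is scoped to the current user; nothing
    # visible here ties a camera_id to an owner, so confirm that a second
    # account registering the same ID is intended.
    exists = db.execute('SELECT 1 FROM cameras WHERE user_id=? AND camera_id=?', (session['user_id'], camera_id)).fetchone()
    if exists:
        return jsonify({'success': False, 'message': 'Kamera već postoji.'}), 409
    # The `model` column is optional; fill it with the default only if present.
    column_names = {row[1] for row in db.execute('PRAGMA table_info(cameras)').fetchall()}
    has_model = 'model' in column_names
    # NOTE(review): the existence check and the INSERT are separate statements.
    # If the table has a uniqueness constraint, a concurrent duplicate would
    # surface as the generic 500 below rather than 409 - confirm the schema.
    try:
        if has_model:
            db.execute('INSERT INTO cameras (user_id, camera_id, camera_name, model) VALUES (?, ?, ?, ?)', (session['user_id'], camera_id, camera_name, 'Vision mini'))
        else:
            db.execute('INSERT INTO cameras (user_id, camera_id, camera_name) VALUES (?, ?, ?)', (session['user_id'], camera_id, camera_name))
        db.commit()
        return jsonify({'success': True})
    except sqlite3.Error:
        # Keep database details out of the response; the client only gets a
        # generic failure message.
        return jsonify({'success': False, 'message': 'Greška pri spremanju.'}), 500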


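@bp.route('/api/kamere/rename', methods=['POST'])
@login_required
def api_rename_camera():
    """Rename one of the logged-in user's cameras.

    Expects a JSON object with ``camera_id`` (exactly 12 ASCII digits) and
    ``camera_name`` (non-empty string, at most 100 characters).

    Returns ``{'success': True}`` on success, otherwise
    ``{'success': False, 'message': ...}`` with status 400 (invalid input),
    404 (no such camera for this user) or 500 (database error).
    """
    data = request.get_json(silent=True)
    # A JSON array or scalar is valid JSON but has no .get(); treat anything
    # that is not an object as an empty request so it is rejected with 400
    # instead of raising.
    if not isinstance(data, dict):
        data = {}
    camera_id = str(data.get('camera_id', '')).strip()
    raw_name = data.get('camera_name')
    # A non-string name (number, list, ...) is handled like a missing one.
    new_name = raw_name.strip() if isinstance(raw_name, str) else ''
    # str.isdigit() alone also accepts non-ASCII digit characters, so require
    # ASCII as well: the ID must be exactly twelve characters from 0-9.
    if not (camera_id.isascii() and camera_id.isdigit() and len(camera_id) == 12):
        return jsonify({'success': False, 'message': 'Neispravan ID kamere.'}), 400
    if not new_name:
        return jsonify({'success': False, 'message': 'Ime je obavezno.'}), 400
    # Same 100-character limit that the add endpoint's schema puts on
    # camera_name, so a rename cannot store a name that add would refuse.
    if len(new_name) > 100:
        return jsonify({'success': False, 'message': 'Ime je predugo.'}), 400
    db = get_db()
    try:
        # The user_id condition restricts the update to the caller's own rows.
        cur = db.execute('UPDATE cameras SET camera_name=? WHERE user_id=? AND camera_id=?', (new_name, session['user_id'], camera_id))
        db.commit()
        if cur.rowcount == 0:
            return jsonify({'success': False, 'message': 'Kamera nije pronađena.'}), 404
        return jsonify({'success': True})
    except sqlite3.Error:
        # Keep database details out of the response.
        return jsonify({'success': False, 'message': 'Greška baze.'}), 500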


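@bp.route('/api/kamere/delete', methods=['POST'])
@login_required
def api_delete_camera():
    """Delete one of the logged-in user's cameras.

    Expects a JSON object with ``camera_id`` (exactly 12 ASCII digits).

    Returns ``{'success': True}`` on success, otherwise
    ``{'success': False, 'message': ...}`` with status 400 (invalid ID),
    404 (no such camera for this user) or 500 (database error).
    """
    data = request.get_json(silent=True)
    # A JSON array or scalar is valid JSON but has no .get(); treat anything
    # that is not an object as an empty request so it is rejected with 400
    # instead of raising.
    if not isinstance(data, dict):
        data = {}
    camera_id = str(data.get('camera_id', '')).strip()
    # str.isdigit() alone also accepts non-ASCII digit characters, so require
    # ASCII as well: the ID must be exactly twelve characters from 0-9.
    if not (camera_id.isascii() and camera_id.isdigit() and len(camera_id) == 12):
        return jsonify({'success': False, 'message': 'Neispravan ID kamere.'}), 400
    db = get_db()
    try:
        # The user_id condition restricts the delete to the caller's own rows.
        cur = db.execute('DELETE FROM cameras WHERE user_id=? AND camera_id=?', (session['user_id'], camera_id))
        db.commit()
        if cur.rowcount == 0:
            return jsonify({'success': False, 'message': 'Kamera nije pronađena.'}), 404
        return jsonify({'success': True})
    except sqlite3.Error:
        # Keep database details out of the response.
        return jsonify({'success': False, 'message': 'Greška baze.'}), 500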


