"""Módulo de auditoria e logging de segurança."""

from functools import wraps
from flask import request, current_app
from src.security import security_logger
import json
from datetime import datetime
from src.discord.discord_webhook import send_discord_audit_log

def log_security_event(event_type, details, level='INFO'):
    """Registra um evento de segurança."""
    log_data = {
        'timestamp': datetime.utcnow().isoformat(),
        'event_type': event_type,
        'ip_address': request.remote_addr,
        'user_agent': request.user_agent.string,
        'details': details
    }
    
    if hasattr(request, 'user') and request.user:
        log_data['user_id'] = request.user.id
        log_data['username'] = request.user.username
    
    log_message = json.dumps(log_data)
    
    if level == 'WARNING':
        security_logger.warning(log_message)
    elif level == 'ERROR':
        security_logger.error(log_message)
    else:
        security_logger.info(log_message)

def audit_route(f):
    """Decorator para auditar rotas."""
    @wraps(f)
    def decorated_function(*args, **kwargs):
        log_security_event(
            'ROUTE_ACCESS',
            {
                'method': request.method,
                'path': request.path,
                'query_params': dict(request.args),
                'form_data': dict(request.form) if request.form else None
            }
        )
        
        try:
            response = f(*args, **kwargs)
            log_security_event(
                'ROUTE_SUCCESS',
                {
                    'method': request.method,
                    'path': request.path,
                    'status_code': getattr(response, 'status_code', 200)
                }
            )
            
            return response
            
        except Exception as e:
            log_security_event(
                'ROUTE_ERROR',
                {
                    'method': request.method,
                    'path': request.path,
                    'error': str(e)
                },
                level='ERROR'
            )
            raise
    
    return decorated_function

def audit_auth_attempt(username, success):
    """Registra tentativa de autenticação."""
    log_security_event(
        'AUTH_ATTEMPT',
        {
            'username': username,
            'success': success,
            'ip_address': request.remote_addr
        },
        level='WARNING' if not success else 'INFO'
    )

def audit_password_change(user_id, success):
    """Registra alteração de senha."""
    log_security_event(
        'PASSWORD_CHANGE',
        {
            'user_id': user_id,
            'success': success,
            'ip_address': request.remote_addr
        },
        level='WARNING' if not success else 'INFO'
    )

def audit_file_upload(filename, file_size, success):
    """Registra upload de arquivo."""
    log_security_event(
        'FILE_UPLOAD',
        {
            'filename': filename,
            'file_size': file_size,
            'success': success,
            'ip_address': request.remote_addr
        },
        level='WARNING' if not success else 'INFO'
    ) 

def log_audit(action, object_type=None, object_id=None, details=None):
    from flask_login import current_user
    from flask import request
    user_id = getattr(current_user, 'id', None)
    ip = request.remote_addr if request else None
    print(f"[AUDIT] log_audit called: action={action}, user_id={user_id}, object_type={object_type}, object_id={object_id}, details={details}, ip={ip}")
    from src.discord.discord_webhook import send_discord_audit_log
    send_discord_audit_log(
        action=action,
        user_id=user_id,
        object_type=object_type,
        object_id=object_id,
        details=details,
        ip_address=ip,
        created_at=None
    )