from django.contrib.auth.models import Group
from django.http import HttpResponseRedirect
from django.urls import reverse
from django_scopes import scope, scopes_disabled
from oauth2_provider.contrib.rest_framework import OAuth2Authentication
from psycopg2.errors import UniqueViolation
from rest_framework.exceptions import AuthenticationFailed

import random

from cookbook.helper.permission_helper import create_space_for_user
from cookbook.models import Space, UserSpace
from cookbook.views import views
from recipes import settings


class ScopeMiddleware:
    def __init__(self, get_response):
        self.get_response = get_response

    def __call__(self, request):
        prefix = settings.SCRIPT_NAME or ''

        # need to disable scopes for writing requests into userpref and enable for loading ?
        if request.path.startswith(prefix + '/api/user-preference/'):
            with scopes_disabled():
                return self.get_response(request)

        if request.user.is_authenticated:

            if request.path.startswith(prefix + '/admin/'):
                with scopes_disabled():
                    return self.get_response(request)

            if request.path.startswith(prefix + '/signup/') or request.path.startswith(prefix + '/invite/'):
                return self.get_response(request)

            if request.path.startswith(prefix + '/accounts/'):
                return self.get_response(request)

            if request.path.startswith(prefix + '/switch-space/'):
                return self.get_response(request)

            if request.path.startswith(prefix + '/invite/'):
                return self.get_response(request)

            # get active user space, if for some reason more than one space is active select first (group permission checks will fail, this is not intended at this point)
            user_space = request.user.userspace_set.filter(active=True).first()

            if not user_space and request.user.userspace_set.count() > 0:
                # if the users has a userspace but nothing is active, activate the first one
                user_space = request.user.userspace_set.first()
                if user_space:
                    user_space.active = True
                    user_space.save()

            if not user_space:
                if 'signup_token' in request.session:
                    # if user is authenticated, has no space but a signup token (InviteLink) is present, redirect to invite link logic
                    return HttpResponseRedirect(reverse('view_invite', args=[request.session.pop('signup_token', '')]))
                else:
                    # if user does not yet have a space create one for him
                    user_space = create_space_for_user(request.user)

            # TODO remove the need for this view
            if user_space.groups.count() == 0 and not reverse('account_logout') in request.path:
                return views.no_groups(request)

            request.space = user_space.space
            with scope(space=request.space):
                return self.get_response(request)
        else:
            if request.path.startswith(prefix + '/api/'):
                try:
                    if auth := OAuth2Authentication().authenticate(request):
                        user_space = auth[0].userspace_set.filter(active=True).first()
                        if user_space:
                            request.space = user_space.space
                            with scope(space=request.space):
                                return self.get_response(request)
                except AuthenticationFailed:
                    pass

            with scopes_disabled():
                request.space = None
                return self.get_response(request)