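from flask import Flask, request, jsonify, render_template
from pymongo.mongo_client import MongoClient
from pymongo.server_api import ServerApi
from werkzeug.security import generate_password_hash
import os
import hmac
from functools import wraps

app = Flask(__name__, template_folder='/app/sudo/templates')
# NOTE(review): secret_key is None when FLASK_SECRET is unset; anything that
# relies on signed cookies will then fail at request time.
app.secret_key = os.getenv("FLASK_SECRET")

# MongoDB connection
uri = os.getenv("MONGO_URI")
client = MongoClient(uri, server_api=ServerApi('1'))
db = client['librechat']

ADMIN_SECRET = os.getenv("ADMIN_SECRET")


def _secret_matches(candidate):
    """Return True only if *candidate* equals ADMIN_SECRET.

    Fails closed: an unset or empty ADMIN_SECRET, or a candidate that is not
    a non-empty string, never matches. Both sides are encoded to bytes
    because hmac.compare_digest raises TypeError on non-ASCII str input.
    """
    if not ADMIN_SECRET or not isinstance(candidate, str) or not candidate:
        return False
    return hmac.compare_digest(
        candidate.encode('utf-8'), ADMIN_SECRET.encode('utf-8')
    )


def _json_body():
    """Return the request's JSON object, or {} if it is absent or not an object."""
    payload = request.get_json(silent=True)
    return payload if isinstance(payload, dict) else {}


# Authentication decorator
def require_auth(f):
    """Reject the request with 403 unless X-Auth-Token carries the admin secret."""
    @wraps(f)
    def wrapper(*args, **kwargs):
        if not _secret_matches(request.headers.get('X-Auth-Token')):
            return jsonify({"error": "Unauthorized"}), 403
        return f(*args, **kwargs)
    return wrapper


# Routes
@app.route('/sudo')
def admin_panel():
    """Serve the admin UI shell; the data endpoints below enforce auth."""
    return render_template('index.html')


@app.route('/sudo/login', methods=['POST'])
def login():
    """Check the submitted password against the admin secret.

    Returns 401 on any mismatch, including a missing or malformed body.
    """
    if not _secret_matches(_json_body().get('password')):
        return jsonify({"error": "Invalid credentials"}), 401
    # NOTE(review): the token handed back IS the admin secret, so it never
    # expires and cannot be revoked without rotating ADMIN_SECRET. Kept as-is
    # so existing clients keep working; a random, expiring session token and
    # login rate limiting would be the stronger design.
    return jsonify({"token": ADMIN_SECRET})


@app.route('/sudo/users', methods=['GET'])
@require_auth
def list_users():
    """Return all usernames; the projection keeps password hashes out of the response."""
    users = list(db.users.find({}, {"_id": 0, "username": 1}))
    return jsonify(users)


@app.route('/sudo/users', methods=['POST'])
@require_auth
def add_user():
    """Create a user with role "user" from a JSON body with username and password.

    Returns 400 unless both fields are non-empty strings.
    """
    body = _json_body()
    username = body.get("username")
    password = body.get("password")
    # Type-check before touching the database: a nested JSON object here
    # would otherwise be stored verbatim as the username.
    if not isinstance(username, str) or not username.strip():
        return jsonify({"error": "username must be a non-empty string"}), 400
    if not isinstance(password, str) or not password:
        return jsonify({"error": "password must be a non-empty string"}), 400

    user_data = {
        "username": username,
        "password": generate_password_hash(password),
        "role": "user"
    }
    db.users.insert_one(user_data)
    return jsonify({"status": "User added"})


# The route must declare <username>; without it Flask never supplies the
# argument and every DELETE fails with a TypeError.
@app.route('/sudo/users/<username>', methods=['DELETE'])
@require_auth
def delete_user(username):
    """Delete the user with the given username; 404 if no document matched."""
    result = db.users.delete_one({"username": username})
    if result.deleted_count == 0:
        return jsonify({"error": "User not found"}), 404
    return jsonify({"status": "User deleted"})


@app.route('/sudo/debug')
@require_auth
def debug():
    """Report whether required configuration is present, never its values.

    This endpoint previously returned ADMIN_SECRET in clear text to any
    unauthenticated caller; it now requires auth and exposes booleans only.
    """
    return jsonify({
        "admin_secret_set": bool(ADMIN_SECRET),
        "flask_secret_set": bool(os.getenv("FLASK_SECRET")),
        # NOTE(review): this only shows that a client object exists, not that
        # the server is reachable - confirm whether a live ping is wanted.
        "mongo_connected": bool(client)
    })


if __name__ == "__main__":
    # NOTE(review): 0.0.0.0 listens on every interface using Flask's
    # development server; presumably this runs inside a container behind a
    # proxy - confirm, and terminate TLS in front of it since the admin token
    # travels in a request header.
    app.run(host='0.0.0.0', port=5000)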