import os
from typing import Any, Dict, List, Literal, Optional, Union

from pydantic import BaseModel, Field, field_validator


class GithubAuthConfig(BaseModel):
    client_id: str
    client_secret: str
    callback_url: str
    scopes: List[str] = ["user:email"]


class MSALAuthConfig(BaseModel):
    tenant_id: str
    client_id: str
    client_secret: str
    callback_url: str
    scopes: List[str] = ["User.Read"]


class FirebaseAuthConfig(BaseModel):
    api_key: str
    auth_domain: str
    project_id: str


class AuthConfig(BaseModel):
    """Authentication configuration model for the application."""

    type: Literal["none", "github", "msal", "firebase"] = "none"
    github: Optional[GithubAuthConfig] = None
    msal: Optional[MSALAuthConfig] = None
    firebase: Optional[FirebaseAuthConfig] = None
    jwt_secret: Optional[str] = None
    token_expiry_minutes: int = 60
    exclude_paths: List[str] = [
        "/",  # root for serving frontend
        "/api/health",
        "/api/version",
        "/api/auth/login-url",
        "/api/auth/callback-handler",
        "/api/auth/callback",
        "/api/auth/type",
    ]

    @field_validator("github")
    @classmethod
    def validate_github_config(cls, v, info):
        """Validate GitHub config is present when github type is selected."""
        values = info.data
        if values.get("type") == "github" and v is None:
            raise ValueError("GitHub configuration required when type is 'github'")
        return v

    @field_validator("msal")
    @classmethod
    def validate_msal_config(cls, v, info):
        """Validate MSAL config is present when msal type is selected."""
        values = info.data
        if values.get("type") == "msal" and v is None:
            raise ValueError("MSAL configuration required when type is 'msal'")
        return v

    @field_validator("firebase")
    @classmethod
    def validate_firebase_config(cls, v, info):
        """Validate Firebase config is present when firebase type is selected."""
        values = info.data
        if values.get("type") == "firebase" and v is None:
            raise ValueError("Firebase configuration required when type is 'firebase'")
        return v

    @field_validator("jwt_secret")
    @classmethod
    def validate_jwt_secret(cls, v, info):
        """Validate JWT secret is present for auth types other than 'none'."""
        values = info.data
        if values.get("type") != "none" and not v:
            raise ValueError("JWT secret is required for authentication")
        return v


class User(BaseModel):
    """User model for authenticated users."""

    id: str
    name: str
    email: Optional[str] = None
    avatar_url: Optional[str] = None
    provider: Optional[str] = None
    roles: List[str] = ["user"]
    metadata: Optional[Dict[str, Any]] = None