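# dashboard/callbacks/auth_callbacks.py
import dash
from dash import Input, Output, State, dcc
from flask import session
from utils.auth import check_password, get_user_role
from config import ENV
from utils.db import execute_query


@dash.callback(
    Output("login-feedback", "children"),
    Output("header-right", "children"),
    Input("btn-login", "n_clicks"),
    State("input-user", "value"),
    State("input-pass", "value"),
    prevent_initial_call=True
)
def login_user(n_clicks, username, password):
    """Handle a click on the login button and establish the Flask session.

    Args:
        n_clicks: Click counter of "btn-login"; only triggers the callback.
        username: Current value of the "input-user" field (may be None).
        password: Current value of the "input-pass" field (may be None).

    Returns:
        A 2-tuple for ("login-feedback", "header-right"). On success the
        first element is a dcc.Location that redirects to "/overview"; on
        failure it is the error text. The second element is always None.
    """
    if ENV == "development":
        # Dev bypass: always create an admin session and redirect.
        # NOTE(review): this branch skips every credential check. If a
        # deployed instance ever runs with ENV == "development", each click
        # on the login button yields an admin session. Confirm how
        # config.ENV is set and what it defaults to.
        session["username"] = "dev_admin"
        session["role"] = "admin"
        return dcc.Location(href="/overview", id="redirect-dev"), None

    rejected = "Ungültige Zugangsdaten.", None

    # Untouched inputs arrive as None and cleared ones as "". Reject both
    # before the database and check_password see them, with the same message
    # as any other failed login.
    if not username or not password:
        return rejected

    # Production login: look the user up in the database. The username is
    # handed over as a separate parameter tuple, not formatted into the SQL.
    user = execute_query(
        "SELECT username, pwd_hash, role FROM users WHERE username=%s",
        (username,),
        fetch_one=True,
    )

    # NOTE(review): check_password only runs when a row was found, so the
    # response time may differ between an unknown username and a wrong
    # password even though both return the same message.
    if not user or not check_password(password, user["pwd_hash"]):
        return rejected

    # Identity and role come from the database row, never from the form.
    session["username"] = user["username"]
    session["role"] = user["role"]
    return dcc.Location(href="/overview", id="redirect-ok"), None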