"""Authentication schemas for web API."""

from __future__ import annotations

from typing import Dict

from pydantic import BaseModel, ConfigDict

from backend.constants.roles import DEFAULT_USER_ROLE, UserRole


class LoginRequest(BaseModel):
    """Login request payload."""

    model_config = ConfigDict(protected_namespaces=())

    username: str
    password: str


class RefreshRequest(BaseModel):
    """Refresh token request payload."""

    model_config = ConfigDict(protected_namespaces=())

    refresh_token: str


class TokenResponse(BaseModel):
    """Token response payload."""

    model_config = ConfigDict(protected_namespaces=())

    access_token: str
    refresh_token: str
    password_change_required: bool = False


class UserResponse(BaseModel):
    """User response payload."""

    model_config = ConfigDict(protected_namespaces=())

    username: str
    is_admin: bool = False
    role: UserRole = DEFAULT_USER_ROLE
    permissions: Dict[str, bool] = {}


class PasswordChangeRequest(BaseModel):
    """Password change request payload."""

    model_config = ConfigDict(protected_namespaces=())

    current_password: str
    new_password: str


class PasswordChangeResponse(BaseModel):
    """Password change response payload."""

    model_config = ConfigDict(protected_namespaces=())

    success: bool
    message: str