"""Фабрика Flask-приложения.

Этап 1:
  E1.0 — фундамент (БД-пул, sessions, base.html).
  E1.1 — авторизация (cookie-сессии Flask, bcrypt + Werkzeug, опц. HR_AUTH).
"""
from __future__ import annotations

import os
import secrets
from datetime import timedelta

from flask import Flask, jsonify, render_template, request


_ROLE_LABELS = {
    'employee': 'Сотрудник',
    'manager': 'Руководитель',
    'hr': 'HR',
}


def _format_role(role: str | None) -> str:
    return _ROLE_LABELS.get((role or '').strip().lower(), '')


def _format_surname_with_initials(full_name: str | None, fallback: str | None = None) -> str:
    name = (full_name or '').strip()
    if not name:
        return (fallback or '—').strip() or '—'
    parts = [p for p in name.replace('\xa0', ' ').split(' ') if p]
    if len(parts) < 2:
        return name
    surname = parts[0]
    initials = []
    for p in parts[1:3]:
        initials.append(f'{p[0].upper()}.')
    return f"{surname} {' '.join(initials)}".strip()


def create_app() -> Flask:
    app = Flask(
        __name__,
        instance_relative_config=True,
        template_folder='templates',
        static_folder='static',
        static_url_path='/static',
    )

    sk = (os.environ.get('SECRET_KEY') or '').strip()
    app.config['SECRET_KEY'] = sk or secrets.token_hex(32)
    app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024  # 16 MB upload limit

    app.config.update(
        SESSION_COOKIE_NAME='testing_session',
        SESSION_COOKIE_HTTPONLY=True,
        SESSION_COOKIE_SAMESITE='Lax',
        SESSION_COOKIE_SECURE=(os.environ.get('FLASK_ENV') == 'production'),
        PERMANENT_SESSION_LIFETIME=timedelta(days=7),
    )

    from .blueprints.main import main_bp
    from .blueprints.settings import settings_bp
    from .auth import auth_bp
    from .tests import tests_bp

    app.register_blueprint(main_bp)
    app.register_blueprint(auth_bp)
    app.register_blueprint(tests_bp)
    app.register_blueprint(settings_bp)

    from . import db as _db

    @app.teardown_appcontext
    def _shutdown_session(exc):  # noqa: ARG001
        _db.remove_session()

    from .config import is_assignment_feature_enabled, is_dev_ui, is_hr_auth_enabled
    from .auth.decorators import current_user as _current_user

    @app.context_processor
    def _inject_globals():
        return {
            'current_user': _current_user(),
            'hr_auth_enabled': is_hr_auth_enabled(),
            'dev_ui': is_dev_ui(),
            'assignment_ui': is_assignment_feature_enabled(),
            'format_name_short': _format_surname_with_initials,
            'format_role': _format_role,
        }

    @app.errorhandler(404)
    def _not_found(_e):
        if _is_api_path():
            return jsonify(error='not_found'), 404
        return render_template('404.html'), 404

    @app.errorhandler(500)
    def _internal_error(_e):
        if _is_api_path():
            return jsonify(error='internal_error'), 500
        return render_template('500.html'), 500

    return app


def _is_api_path() -> bool:
    return request.path.startswith('/api/')