UMBRA/backend/app/routers/settings.py

from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy import select

from app.database import get_db
from app.models.settings import Settings
from app.schemas.settings import SettingsUpdate, SettingsResponse, ChangePinRequest
from app.routers.auth import get_current_session, hash_pin, verify_pin

router = APIRouter()


@router.get("/", response_model=SettingsResponse)
async def get_settings(
    db: AsyncSession = Depends(get_db),
    current_user: Settings = Depends(get_current_session)
):
    """Get current settings (excluding PIN hash)."""
    return current_user


@router.put("/", response_model=SettingsResponse)
async def update_settings(
    settings_update: SettingsUpdate,
    db: AsyncSession = Depends(get_db),
    current_user: Settings = Depends(get_current_session)
):
    """Update settings (accent color, upcoming days)."""
    update_data = settings_update.model_dump(exclude_unset=True)

    for key, value in update_data.items():
        setattr(current_user, key, value)

    await db.commit()
    await db.refresh(current_user)

    return current_user


@router.put("/pin")
async def change_pin(
    pin_change: ChangePinRequest,
    db: AsyncSession = Depends(get_db),
    current_user: Settings = Depends(get_current_session)
):
    """Change PIN. Requires old PIN verification."""
    if not verify_pin(pin_change.old_pin, current_user.pin_hash):
        raise HTTPException(status_code=401, detail="Invalid old PIN")

    current_user.pin_hash = hash_pin(pin_change.new_pin)

    await db.commit()

    return {"message": "PIN changed successfully"}