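"""Flask admin panel that issues short-lived OTPs and logs them to a Hugging Face dataset.

Configuration comes from the environment (optionally through a .env file):
ADMIN_USER, ADMIN_PASS, FLASK_SECRET and HF_TOKEN.
"""
import hmac
import os
import secrets
import string
from datetime import datetime, timedelta

from flask import Flask, render_template, request, redirect, url_for, session, flash
from flask_limiter import Limiter
from flask_limiter.util import get_remote_address
from dotenv import load_dotenv
import pandas as pd
from huggingface_hub import HfApi, HfFolder
from datasets import Dataset as HFDataset

# Load environment variables
load_dotenv()

# --- Config ---
ADMIN_USER = os.getenv("ADMIN_USER", "admin")
# No built-in fallback password: a default that ships in the source is known
# to everyone who can read the file. When ADMIN_PASS is unset, login is refused.
ADMIN_PASS = os.getenv("ADMIN_PASS")
HF_TOKEN = os.getenv("HF_TOKEN")
REPO_ID = "0vergeared/otp-logs"
OTP_EXPIRY_MINUTES = 5

_OTP_LENGTH = 6
_OTP_ALPHABET = string.ascii_uppercase + string.digits
# Cap on login attempts per client address; tune for the deployment.
_LOGIN_RATE_LIMIT = "5 per minute"

if not ADMIN_PASS:
    print("⚠️ ADMIN_PASS not set; admin login is disabled.")

# --- Flask App ---
app = Flask(__name__)
# The secret key signs the session cookie, so a fixed fallback value would let
# anyone who knows it mint a cookie with logged_in=True. Without FLASK_SECRET a
# random per-process key is used instead: sessions then do not survive a
# restart and are not shared between worker processes.
app.secret_key = os.getenv("FLASK_SECRET") or secrets.token_hex(32)
# NOTE(review): get_remote_address keys on the peer address; behind a reverse
# proxy that is presumably the proxy itself, so all clients share one bucket.
limiter = Limiter(get_remote_address, app=app)

# --- Memory store for OTPs
# Maps OTP string -> {"expiry": naive UTC datetime, "used": bool}.
# Entries are never removed here, so the dict grows for the process lifetime.
otp_store = {}


# ---------------- ROUTES ---------------- #
@app.route("/")
def index():
    """Send visitors to the admin login page."""
    return redirect(url_for("admin"))


def _credentials_match(user, pwd):
    """Return True only when both submitted fields equal the configured pair.

    Both comparisons use hmac.compare_digest and are both evaluated before
    being combined, so response time does not reveal which field was wrong or
    how many leading characters matched. Missing form fields or an
    unconfigured ADMIN_PASS never match.
    """
    if not ADMIN_PASS or user is None or pwd is None:
        return False
    user_ok = hmac.compare_digest(user.encode("utf-8"), ADMIN_USER.encode("utf-8"))
    pwd_ok = hmac.compare_digest(pwd.encode("utf-8"), ADMIN_PASS.encode("utf-8"))
    return user_ok and pwd_ok


@app.route("/admin", methods=["GET", "POST"])
@limiter.limit(_LOGIN_RATE_LIMIT, methods=["POST"])
def admin():
    """Render the login form and, on POST, check the submitted credentials.

    A successful login marks the session as logged in and redirects to the
    dashboard; a failed one flashes a generic error and re-renders the form.
    POSTs are rate limited to slow down password guessing.
    """
    if request.method == "POST":
        user = request.form.get("username")
        pwd = request.form.get("password")
        if _credentials_match(user, pwd):
            # Start from an empty session so nothing set before authentication
            # is carried into the logged-in state.
            session.clear()
            session["logged_in"] = True
            return redirect(url_for("dashboard"))
        flash("Invalid credentials", "error")
    return render_template("login.html")


@app.route("/dashboard")
def dashboard():
    """Render the dashboard for a logged-in session, else redirect to login."""
    if not session.get("logged_in"):
        return redirect(url_for("admin"))
    return render_template("dashboard.html")


@app.route("/generate_otp")
def generate_otp():
    """Create a new OTP, record it in memory and in the dataset, and show it.

    Requires a logged-in session. The OTP is six characters drawn uniformly
    from A-Z and 0-9 and expires OTP_EXPIRY_MINUTES after creation.
    """
    if not session.get("logged_in"):
        return redirect(url_for("admin"))

    # Each character is drawn independently from the alphabet. Upper-casing a
    # base64url token instead folds 'a'-'z' onto 'A'-'Z', which makes letters
    # twice as likely as digits and lowers the entropy of the code.
    otp = "".join(secrets.choice(_OTP_ALPHABET) for _ in range(_OTP_LENGTH))
    expiry = datetime.utcnow() + timedelta(minutes=OTP_EXPIRY_MINUTES)

    otp_store[otp] = {"expiry": expiry, "used": False}
    save_otp_to_dataset(otp, expiry.strftime("%Y-%m-%d %H:%M:%S UTC"))

    return render_template(
        "otp_result.html",
        otp=otp,
        expiry=expiry.strftime("%Y-%m-%d %H:%M UTC"),
    )


@app.route("/logout")
def logout():
    """Drop all session data and return to the login page."""
    session.clear()
    return redirect(url_for("admin"))


# ---------------- HELPERS ---------------- #
def save_otp_to_dataset(otp: str, expiry: str):
    """Append an OTP and its expiry to the local CSV and push it to the Hub.

    Best effort: any failure is printed and swallowed so that OTP generation
    still returns a page. Does nothing beyond printing when HF_TOKEN is unset.

    NOTE(review): the OTP is written in plaintext to otp_temp.csv, to REPO_ID
    and to stdout. Nothing here sets the repository's visibility; confirm the
    dataset is private and that log output is access controlled.
    """
    try:
        if not HF_TOKEN:
            print("❌ HF_TOKEN not set.")
            return

        # Stores the token in the local Hugging Face token file on each call;
        # push_to_hub below is also given the token explicitly.
        HfFolder.save_token(HF_TOKEN)

        local_file = "otp_temp.csv"
        if not os.path.exists(local_file):
            pd.DataFrame(columns=["otp", "expiry"]).to_csv(local_file, index=False)

        # The CSV holds the full history; the whole table is re-uploaded each time.
        df = pd.read_csv(local_file)
        df = pd.concat(
            [df, pd.DataFrame([{"otp": otp, "expiry": expiry}])],
            ignore_index=True,
        )
        df.to_csv(local_file, index=False)

        dataset = HFDataset.from_pandas(df)
        dataset.push_to_hub(REPO_ID, token=HF_TOKEN)
        print(f"✅ OTP {otp} pushed to dataset.")
    except Exception as e:
        print("❌ Dataset push failed:", e)


@app.after_request
def allow_iframe(response):
    """Allow framing by same-origin pages only, as a clickjacking defence."""
    response.headers["X-Frame-Options"] = "SAMEORIGIN"
    return response


# ---------------- MAIN ---------------- #
if __name__ == "__main__":
    # Binds on all interfaces; the built-in server is reachable from the network.
    app.run(host="0.0.0.0", port=7860)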