import json
from pathlib import Path
from typing import Optional

from werkzeug.security import generate_password_hash, check_password_hash

from .config import DATA_DIR

ADMIN_PATH = DATA_DIR / "admin.json"
DEFAULT_USERNAME = "cxf"
DEFAULT_PASSWORD = "NianJie1018"


def ensure_admin_file(username: str = DEFAULT_USERNAME, password: str = DEFAULT_PASSWORD) -> None:
    """Create admin file with hashed password if missing."""
    if ADMIN_PATH.exists():
        return
    data = {
        "username": username,
        "password_hash": generate_password_hash(password),
    }
    ADMIN_PATH.write_text(json.dumps(data, ensure_ascii=False, indent=2), encoding="utf-8")


def get_admin() -> Optional[dict]:
    if not ADMIN_PATH.exists():
        return None
    try:
        return json.loads(ADMIN_PATH.read_text(encoding="utf-8"))
    except Exception:
        return None


def verify_credentials(username: str, password: str) -> bool:
    admin = get_admin()
    if not admin:
        return False
    return username == admin.get("username") and check_password_hash(admin.get("password_hash", ""), password)