from flask import Flask, render_template, request, redirect, url_for, session, jsonify, flash
import sys, os
sys.path.insert(0, os.path.dirname(os.path.dirname(os.path.abspath(__file__))))
import database as db
from functools import wraps
from datetime import datetime

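app = Flask(__name__)
# The secret key signs the session cookie. Anyone who knows it can forge a
# cookie carrying logged_in=True, so the literal below must never reach a
# deployment: set WEB_SECRET_KEY in the environment to a long random value.
# The literal is kept only as a backward-compatible fallback.
app.secret_key = os.environ.get("WEB_SECRET_KEY", "CHANGE_THIS_TO_A_RANDOM_SECRET_KEY_123")

# Web panel login password. A single shared secret guards every admin route in
# this file; override it with the WEB_PASSWORD environment variable.
WEB_PASSWORD = os.environ.get("WEB_PASSWORD", "admin1234")  # change this!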

def login_required(f):
    """Decorate a view so it only runs for a session marked as logged in.

    Requests whose session lacks a truthy ``logged_in`` entry are redirected
    to the ``login`` endpoint and the wrapped view is not called.
    """
    @wraps(f)
    def guarded_view(*args, **kwargs):
        if session.get('logged_in'):
            return f(*args, **kwargs)
        # Unauthenticated: send the browser to the login form.
        return redirect(url_for('login'))
    return guarded_view

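@app.route('/login', methods=['GET', 'POST'])
def login():
    """Render the login form and, on POST, check the shared panel password.

    A matching password sets ``session['logged_in']`` and redirects to the
    dashboard. Any other POST re-renders the form with an error message.
    """
    # Function-scope import so this handler does not depend on the file's
    # top-level import block.
    import hmac

    error = None
    if request.method == 'POST':
        submitted = request.form.get('password')
        # Compare in constant time so response timing does not reveal how much
        # of the password matched. Both sides are encoded to bytes because
        # compare_digest rejects non-ASCII str arguments.
        if submitted is not None and hmac.compare_digest(
            submitted.encode('utf-8'), WEB_PASSWORD.encode('utf-8')
        ):
            session['logged_in'] = True
            return redirect(url_for('dashboard'))
        # NOTE(review): no throttling or lockout of repeated failed attempts is
        # visible in this handler; confirm it is enforced elsewhere.
        error = "رمز اشتباه است!"
    return render_template('login.html', error=error)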

@app.route('/logout')
def logout():
    """Drop everything stored in the session and go back to the login form.

    The route accepts GET, so following any link to /logout ends the session.
    """
    session.clear()
    login_url = url_for('login')
    return redirect(login_url)

@app.route('/')
@login_required
def dashboard():
    """Render the landing page with stats, a short order list and pending orders."""
    # Dict entries are evaluated top to bottom, so the db calls run in the
    # order stats -> orders (limit argument 5) -> pending orders.
    context = {
        'stats': db.get_stats(),
        'recent_orders': db.get_all_orders(5),
        'pending': db.get_pending_orders(),
    }
    return render_template('dashboard.html', **context)

@app.route('/orders')
@login_required
def orders():
    """List orders, optionally narrowed to one status via ``?status=``.

    The filter is applied after ``db.get_all_orders(50)`` returns, so a
    filtered view only contains matches from that one fetched batch.
    """
    status = request.args.get('status', 'all')
    fetched = db.get_all_orders(50)
    if status == 'all':
        visible = fetched
    else:
        visible = [order for order in fetched if order['status'] == status]
    return render_template('orders.html', orders=visible, status=status)

@app.route('/order/<int:order_id>/approve', methods=['POST'])
@login_required
def approve_order(order_id):
    """Set the order's status to 'confirmed' and return to the order list."""
    # NOTE(review): no CSRF token is checked in this handler; confirm that
    # state-changing POSTs are protected elsewhere.
    db.update_order_status(order_id, 'confirmed')
    message = f'سفارش #{order_id} تأیید شد.'
    flash(message, 'success')
    return redirect(url_for('orders'))

@app.route('/order/<int:order_id>/reject', methods=['POST'])
@login_required
def reject_order(order_id):
    """Set the order's status to 'rejected' and return to the order list."""
    db.update_order_status(order_id, 'rejected')
    message = f'سفارش #{order_id} رد شد.'
    flash(message, 'danger')
    return redirect(url_for('orders'))

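@app.route('/order/<int:order_id>/deliver', methods=['POST'])
@login_required
def deliver_order(order_id):
    """Attach the delivered account details and expiry to an order.

    Both ``account_info`` and ``expires_at`` must be present and non-empty.
    If either is missing, nothing is stored and an error is flashed, so a
    dropped form field is no longer indistinguishable from a successful delivery.
    """
    account_info = request.form.get('account_info')
    expires_at = request.form.get('expires_at')
    if not (account_info and expires_at):
        flash('اطلاعات ناقص است.', 'danger')
        return redirect(url_for('orders'))
    # NOTE(review): account_info presumably carries account credentials, and
    # expires_at is stored without any format check; verify how
    # db.set_order_account stores and later exposes both values.
    db.set_order_account(order_id, account_info, expires_at)
    flash(f'اکانت سفارش #{order_id} ارسال شد.', 'success')
    return redirect(url_for('orders'))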

@app.route('/users')
@login_required
def users():
    """Render the user list returned by ``db.get_all_users``."""
    return render_template('users.html', users=db.get_all_users())

@app.route('/user/<int:user_id>/blacklist', methods=['POST'])
@login_required
def blacklist(user_id):
    """Mark the user as blacklisted and return to the user list."""
    blocked = True
    db.blacklist_user(user_id, blocked)
    flash('کاربر مسدود شد.', 'warning')
    users_url = url_for('users')
    return redirect(users_url)

@app.route('/user/<int:user_id>/unblacklist', methods=['POST'])
@login_required
def unblacklist(user_id):
    """Clear the user's blacklist flag and return to the user list."""
    blocked = False
    db.blacklist_user(user_id, blocked)
    flash('مسدودیت کاربر برداشته شد.', 'success')
    users_url = url_for('users')
    return redirect(users_url)

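@app.route('/user/<int:user_id>/wallet', methods=['POST'])
@login_required
def update_wallet(user_id):
    """Apply a wallet adjustment for a user from the ``amount`` form field.

    A missing field is treated as 0, as before. A value that is not an
    integer is rejected with an error message instead of raising ValueError
    and producing a 500 response.
    """
    try:
        amount = int(request.form.get('amount', 0))
    except ValueError:
        flash('مبلغ نامعتبر است.', 'danger')
        return redirect(url_for('users'))
    # NOTE(review): negative amounts are passed through unchanged, and no CSRF
    # token is checked in this handler. Confirm both are intended, since this
    # route changes a user's balance.
    db.update_wallet(user_id, amount)
    flash(f'{amount:,} تومان به کیف پول اضافه شد.', 'success')
    return redirect(url_for('users'))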

@app.route('/products')
@login_required
def products():
    """Render the product list returned by ``db.get_products``."""
    return render_template('products.html', products=db.get_products())

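@app.route('/product/<int:pid>/price', methods=['POST'])
@login_required
def update_price(pid):
    """Change a product's price from the ``price`` form field.

    The price must parse as a positive integer. Previously a missing field
    silently set the price to 0 and a non-numeric value raised ValueError.
    Both cases now leave the stored price untouched and flash an error,
    matching ``add_product``, which also refuses a zero price.
    """
    try:
        price = int(request.form.get('price', 0))
    except ValueError:
        price = 0
    if price <= 0:
        flash('قیمت نامعتبر است.', 'danger')
        return redirect(url_for('products'))
    db.update_product_price(pid, price)
    flash('قیمت به‌روز شد.', 'success')
    return redirect(url_for('products'))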

@app.route('/discounts')
@login_required
def discounts():
    """Render every discount code returned by ``db.get_all_discount_codes``."""
    return render_template('discounts.html', codes=db.get_all_discount_codes())

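@app.route('/discounts/new', methods=['POST'])
@login_required
def new_discount():
    """Create a discount code from the submitted form.

    Form fields: ``code`` (upper-cased), ``percent`` (default 10),
    ``max_uses`` (default -1) and an optional ``expires_at``.

    The request is rejected with an error message, and nothing is stored,
    when the code is empty, a number does not parse, or ``percent`` falls
    outside 1-100. Previously an empty code or an out-of-range percentage
    was written to the database as-is.
    """
    code = request.form.get('code', '').strip().upper()
    expires_at = request.form.get('expires_at') or None
    try:
        percent = int(request.form.get('percent', 10))
        max_uses = int(request.form.get('max_uses', -1))
    except ValueError:
        flash('اطلاعات کد تخفیف نامعتبر است.', 'danger')
        return redirect(url_for('discounts'))
    if not code or not 1 <= percent <= 100:
        flash('اطلاعات کد تخفیف نامعتبر است.', 'danger')
        return redirect(url_for('discounts'))
    # max_uses is forwarded unchanged; -1 is the form default.
    # NOTE(review): presumably -1 means "unlimited" -- confirm in the db module.
    db.create_discount_code(code, percent, max_uses, expires_at)
    flash(f'کد تخفیف {code} ساخته شد.', 'success')
    return redirect(url_for('discounts'))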

@app.route('/tickets')
@login_required
def tickets():
    """Render the tickets returned by ``db.get_open_tickets``."""
    return render_template('tickets.html', tickets=db.get_open_tickets())

@app.route('/reviews')
@login_required
def reviews():
    """Render the reviews returned by ``db.get_reviews(50)``."""
    return render_template('reviews.html', reviews=db.get_reviews(50))

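@app.route('/flashsale', methods=['GET', 'POST'])
@login_required
def flashsale():
    """Show the flash-sale form and, on POST, create a flash sale.

    Form fields: ``product_id``, ``discount`` and ``hours`` (default 2).
    A missing or non-numeric field, a non-positive discount or duration, or a
    duration too large to represent is reported with an error message.
    Previously these cases raised TypeError, ValueError or OverflowError
    (a 500 response) or created a sale that had already expired.
    """
    prods = db.get_products()
    if request.method == 'POST':
        from datetime import timedelta

        sale = None
        try:
            pid = int(request.form.get('product_id'))
            discount = int(request.form.get('discount'))
            hours = int(request.form.get('hours', 2))
            if discount > 0 and hours > 0:
                # Naive local time, as in the original code.
                expires = (datetime.now() + timedelta(hours=hours)).isoformat()
                sale = (pid, discount, expires)
        except (TypeError, ValueError, OverflowError):
            sale = None

        if sale is None:
            flash('اطلاعات فلش سیل نامعتبر است.', 'danger')
        else:
            # NOTE(review): no upper bound is enforced on discount because its
            # unit (percent or amount) is not visible here -- confirm in the db
            # module and cap it if it is a percentage.
            db.create_flash_sale(*sale)
            flash('فلش سیل فعال شد!', 'success')
    return render_template('flashsale.html', products=prods)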


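@app.route('/products/add', methods=['POST'])
@login_required
def add_product():
    """Create a product from the submitted form.

    Requires a non-empty ``service`` and ``duration`` and a positive integer
    ``price``. ``bulk_price`` falls back to ``price`` when it is absent or 0.
    Non-numeric or negative prices are now reported as incomplete data;
    previously a non-numeric value raised ValueError and a negative price
    was stored.
    """
    service = request.form.get('service', '').strip()
    duration = request.form.get('duration', '').strip()
    description = request.form.get('description', '').strip()
    try:
        price = int(request.form.get('price', 0) or 0)
        bulk_price = int(request.form.get('bulk_price', 0) or 0)
    except ValueError:
        # Force the validation below to fail instead of returning a 500.
        price, bulk_price = 0, 0
    if service and duration and price > 0 and bulk_price >= 0:
        db.add_product(service, duration, price, bulk_price or price, description)
        flash(f'محصول {service} — {duration} اضافه شد.', 'success')
    else:
        flash('اطلاعات ناقص است.', 'danger')
    return redirect(url_for('products'))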

@app.route('/product/<int:pid>/delete', methods=['POST'])
@login_required
def delete_product(pid):
    """Delete the product through ``db.delete_product`` and return to the list."""
    db.delete_product(pid)
    flash('محصول حذف شد.', 'success')
    products_url = url_for('products')
    return redirect(products_url)

@app.route('/product/<int:pid>/toggle', methods=['POST'])
@login_required
def toggle_product(pid):
    """Flip the product's state through ``db.toggle_product`` and return to the list."""
    db.toggle_product(pid)
    flash('وضعیت تغییر کرد.', 'success')
    products_url = url_for('products')
    return redirect(products_url)

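@app.route('/product/<int:pid>/edit', methods=['POST'])
@login_required
def edit_product(pid):
    """Overwrite a product's fields from the submitted form.

    Applies the same checks as ``add_product``: ``service`` and ``duration``
    must be non-empty, ``price`` must be a positive integer and
    ``bulk_price`` must not be negative. Previously an incomplete form
    overwrote the product with empty strings and a zero price, and a
    non-numeric price raised ValueError.
    """
    service = request.form.get('service', '').strip()
    duration = request.form.get('duration', '').strip()
    description = request.form.get('description', '').strip()
    try:
        price = int(request.form.get('price', 0) or 0)
        bulk_price = int(request.form.get('bulk_price', 0) or 0)
    except ValueError:
        # Force the validation below to fail instead of returning a 500.
        price, bulk_price = 0, 0
    if not (service and duration and price > 0 and bulk_price >= 0):
        flash('اطلاعات ناقص است.', 'danger')
        return redirect(url_for('products'))
    # bulk_price is forwarded as submitted (0 included), as in the original.
    db.update_product(pid, service, duration, price, bulk_price, description)
    flash('محصول ویرایش شد.', 'success')
    return redirect(url_for('products'))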
# API برای چارت‌ها
@app.route('/api/stats')
@login_required
def api_stats():
    """Return ``db.get_stats()`` serialized as JSON."""
    payload = db.get_stats()
    return jsonify(payload)

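@app.route('/api/orders_chart')
@login_required
def api_orders_chart():
    """Return per-day order count and revenue for the last 7 days as JSON.

    Only orders whose status is 'confirmed' or 'delivered' are counted. The
    query is a fixed string with no request data interpolated into it.
    """
    conn = db.get_db()
    try:
        c = conn.cursor()
        c.execute("""
        SELECT date(created_at) as day, COUNT(*) as count, COALESCE(SUM(amount),0) as revenue
        FROM orders WHERE status IN ('confirmed','delivered')
        AND created_at >= date('now','-7 days')
        GROUP BY date(created_at) ORDER BY day
    """)
        rows = [dict(r) for r in c.fetchall()]
    finally:
        # Close the connection even when the query or row conversion raises;
        # previously an exception left it open.
        conn.close()
    return jsonify(rows)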

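if __name__ == '__main__':
    # The defaults are unchanged: listen on every interface, port 5000.
    # With host 0.0.0.0 the panel is reachable from any network the machine
    # is attached to, and app.run() serves plain HTTP, so the login password
    # and session cookie travel unencrypted. Set WEB_HOST=127.0.0.1 when a
    # TLS-terminating reverse proxy fronts the panel.
    app.run(
        debug=False,
        host=os.environ.get('WEB_HOST', '0.0.0.0'),
        port=int(os.environ.get('WEB_PORT', '5000')),
    )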
