"""User schemas(用于 owner 端管理用户)。"""
from __future__ import annotations

import re
from datetime import datetime

from pydantic import BaseModel, ConfigDict, EmailStr, Field, field_validator

from app.models.user import UserRole

# 用户名规则:3-32 字符,小写字母 / 数字 / 下划线 / 连字符;首字符必须为字母或数字
# 与 create_user.py 的 CLI 行为保持一致(允许任意大小写),但前端界面化时引导用小写
_USERNAME_RE = re.compile(r"^[a-z0-9][a-z0-9_-]{2,31}$")


class UserOut(BaseModel):
    """用户列表 / 详情(永远不返回 password_hash)。"""

    model_config = ConfigDict(from_attributes=True)

    id: int
    username: str
    email: str | None = None
    role: UserRole
    is_active: bool
    display_name: str | None = None
    created_at: datetime
    last_login_at: datetime | None = None


class UserCreate(BaseModel):
    """owner 创建新用户。固定 role=member(不允许提权)。"""

    username: str = Field(min_length=3, max_length=32)
    password: str = Field(min_length=6, max_length=128)
    email: EmailStr | None = None
    display_name: str | None = Field(default=None, max_length=128)

    @field_validator("username")
    @classmethod
    def _v_username(cls, v: str) -> str:
        if not _USERNAME_RE.match(v):
            raise ValueError(
                "用户名只能包含小写字母、数字、下划线、连字符,且首字符必须为字母或数字(3-32 字符)"
            )
        return v


class UserUpdate(BaseModel):
    """owner 修改用户。重置密码 / 启停 / 改昵称 / 改邮箱。role 永远不可改(防越权)。"""

    password: str | None = Field(default=None, min_length=6, max_length=128)
    is_active: bool | None = None
    email: EmailStr | None = None
    display_name: str | None = Field(default=None, max_length=128)


class UserDeleteResult(BaseModel):
    """软删除响应 — 实际是禁用,user_id 用于前端确认。"""

    id: int
    username: str
    is_active: bool
    detail: str