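"""
Example route module - Copy this pattern for your domain.

This module demonstrates:
    1. Registering routes with Flask app
    2. Using auth validation
    3. Making database calls via postgres module
"""

import os

import flask
import jwt

import core.auth as auth
import core.postgres as postgres


def _get_user_uuid(token):
    """Decode a JWT and return its ``sub`` claim, or None on failure.

    The token is verified with HS256 against the ``JWT_SECRET`` environment
    variable. None is returned when the secret is unset or empty, when the
    token fails validation (bad signature, expired, malformed), or when the
    payload has no ``sub`` claim.
    """
    secret = os.getenv("JWT_SECRET")
    if not secret:
        # Fail closed on a missing or empty secret. Passing it on to
        # jwt.decode would, depending on the PyJWT version, either raise an
        # exception not caught below or verify against an empty HMAC key.
        return None
    try:
        # The algorithm list is pinned so the token header cannot choose it.
        payload = jwt.decode(token, secret, algorithms=["HS256"])
    except jwt.InvalidTokenError:
        # ExpiredSignatureError is a subclass of InvalidTokenError.
        return None
    return payload.get("sub")


def _authenticate_request():
    """Check the bearer token on the current Flask request.

    Returns:
        None when the request carries a token that decodes to a user UUID
        and is accepted by ``auth.verifyLoginToken``; otherwise a
        ``(response, 401)`` tuple the route should return unchanged.
    """
    scheme = "Bearer "
    header = flask.request.headers.get("Authorization", "")
    if not header.startswith(scheme):
        return flask.jsonify({"error": "missing token"}), 401

    token = header[len(scheme):]
    user_uuid = _get_user_uuid(token)
    # A valid signature alone is not enough: the token is also checked by
    # the auth module for the user it claims to belong to.
    if not user_uuid or not auth.verifyLoginToken(token, userUUID=user_uuid):
        return flask.jsonify({"error": "unauthorized"}), 401
    return None


def register(app):
    """Register routes with the Flask app."""

    @app.route("/api/example", methods=["GET"])
    def api_listExamples():
        """Return all rows of the ``examples`` table to an authenticated caller."""
        denied = _authenticate_request()
        if denied is not None:
            return denied

        # NOTE(review): the select is not filtered by the caller's UUID, so
        # every authenticated user sees every row - confirm that is intended
        # before copying this pattern for per-user data.
        items = postgres.select("examples")
        return flask.jsonify(items), 200

    @app.route("/api/example", methods=["POST"])
    def api_addExample():
        """Insert the JSON object from the request body into ``examples``."""
        denied = _authenticate_request()
        if denied is not None:
            return denied

        # silent=True yields None for a missing or malformed body, so that
        # case and non-object JSON (list, string, number) get the same 400.
        data = flask.request.get_json(silent=True)
        if not isinstance(data, dict):
            return flask.jsonify({"error": "invalid JSON body"}), 400

        # NOTE(review): the parsed body goes to postgres.insert as-is, so the
        # client chooses which keys reach the insert call. How insert treats
        # those keys is not visible here; when copying this pattern, build
        # the row from an explicit allow-list of expected fields.
        item = postgres.insert("examples", data)
        return flask.jsonify(item), 201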