import base64
import io
from urllib.parse import quote, urlencode

import qrcode
from django.utils import timezone

from apps.core.models import UserTwoFactor
from apps.core.utils import generate_base32_secret, verify_totp


# Issuer name placed in the otpauth:// provisioning URI, both as the label
# prefix and as the ``issuer`` query parameter (see generate_qr_code).
ISSUER = "DealerPulse"


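class TwoFactorService:
    """TOTP two-factor enrolment helpers built on ``UserTwoFactor``.

    All methods are static; the class only groups them.

    Security notes for callers (nothing here enforces them):

    * The secret, the provisioning URI and the QR image derived from it are
      credentials. Keep them out of logs, caches and analytics, and serve
      them only over an authenticated, non-cacheable response.
    * ``verify_totp`` lives in ``apps.core.utils``. Whether it rejects an
      already-used code or bounds the accepted time window is not visible
      from this module, so attempt rate limiting and replay protection
      should be confirmed there or added at the view layer.
    """

    @staticmethod
    def get_or_create_secret(user):
        """Return the user's ``UserTwoFactor`` row, creating it if missing.

        A new row gets a freshly generated base32 secret. An existing row
        is returned unchanged.

        Args:
            user: The account the 2FA record belongs to.

        Returns:
            The ``UserTwoFactor`` instance for ``user``.
        """
        # NOTE(review): an existing row is returned even when ``is_enabled``
        # is already true. A caller that renders a QR code from the result
        # should check that flag first, otherwise any authenticated session
        # can read back a live secret.
        two_factor, _ = UserTwoFactor.objects.get_or_create(
            user=user,
            defaults={"secret": generate_base32_secret()}
        )
        return two_factor

    @staticmethod
    def generate_qr_code(user, secret):
        """Return a base64-encoded PNG QR code for the TOTP provisioning URI.

        The URI has the form
        ``otpauth://totp/<issuer>:<email>?secret=<secret>&issuer=<issuer>``
        with every component percent-encoded.

        Args:
            user: Object exposing ``email``; used as the account name.
            secret: The base32 TOTP secret to embed.

        Returns:
            The PNG image bytes, base64-encoded, as ``str``.
        """
        # Percent-encode each label part separately. An address such as
        # ``a+b@example.com``, or one containing ``?``, ``#``, ``&`` or a
        # space, would otherwise change how an authenticator app splits the
        # URI into label and parameters. ``@`` is legal in a path segment,
        # so ordinary addresses come out exactly as before.
        label = f"{quote(ISSUER, safe='')}:{quote(str(user.email), safe='@')}"
        # quote_via=quote emits %20 rather than "+" for spaces, which not
        # every authenticator app decodes in the query string.
        query = urlencode({"secret": secret, "issuer": ISSUER}, quote_via=quote)
        otpauth_url = f"otpauth://totp/{label}?{query}"

        qr = qrcode.make(otpauth_url)
        buffer = io.BytesIO()
        qr.save(buffer, format="PNG")

        return base64.b64encode(buffer.getvalue()).decode()

    @staticmethod
    def enable_2fa(user, token):
        """Turn 2FA on after the user proves possession of the secret.

        Args:
            user: Account to enable 2FA for; ``user.two_factor`` must exist.
            token: The TOTP code the user submitted.

        Returns:
            ``True`` if the code verified and the record was updated,
            ``False`` otherwise (including a missing or empty code).
        """
        # Fail closed on an absent code before touching the database or the
        # verifier; its handling of ``None``/"" is not visible from here.
        if token is None or token == "":
            return False

        # Presumably the reverse accessor of a one-to-one relation; access
        # raises when no row exists. TODO confirm against the model.
        two_factor = user.two_factor

        if not verify_totp(two_factor.secret, token):
            return False

        two_factor.is_enabled = True
        two_factor.confirmed_at = timezone.now()
        two_factor.save(update_fields=["is_enabled", "confirmed_at"])
        return True

    @staticmethod
    def disable_2fa(user, token):
        """Turn 2FA off, requiring a valid current TOTP code.

        Args:
            user: Account to disable 2FA for; ``user.two_factor`` must exist.
            token: The TOTP code the user submitted.

        Returns:
            ``True`` if the code verified and 2FA was disabled, ``False``
            otherwise (including a missing or empty code).
        """
        # Fail closed on an absent code, as in enable_2fa.
        if token is None or token == "":
            return False

        two_factor = user.two_factor

        if not verify_totp(two_factor.secret, token):
            return False

        # NOTE(review): only ``is_enabled`` is written. The stored secret and
        # ``confirmed_at`` are kept, so a later re-enrolment verifies against
        # the same secret. Consider rotating the secret on disable if the
        # reason for disabling may be a lost or exposed authenticator.
        two_factor.is_enabled = False
        two_factor.save(update_fields=["is_enabled"])
        return True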
