"""
app/routes/auth.py – Autenticación: login y logout.
"""
import logging
from flask import Blueprint, render_template, redirect, url_for, flash, request
from flask_login import login_user, logout_user, login_required, current_user

from app.models import Usuario
from app.forms  import LoginForm

auth_bp = Blueprint('auth', __name__)
logger  = logging.getLogger(__name__)


@auth_bp.route('/login', methods=['GET', 'POST'])
def login():
    if current_user.is_authenticated:
        return redirect(url_for('dashboard.index'))

    form = LoginForm()
    if form.validate_on_submit():
        usuario = Usuario.query.filter_by(correo=form.correo.data.strip().lower()).first()

        if usuario and usuario.activo and usuario.check_password(form.password.data):
            login_user(usuario)
            logger.info('Login exitoso: %s', usuario.correo)
            next_page = request.args.get('next')
            return redirect(next_page or url_for('dashboard.index'))

        flash('Correo o contraseña incorrectos.', 'danger')
        logger.warning('Intento de login fallido para: %s', form.correo.data)

    return render_template('login.html', form=form)


@auth_bp.route('/logout')
@login_required
def logout():
    logger.info('Logout: %s', current_user.correo)
    logout_user()
    flash('Sesión cerrada correctamente.', 'info')
    return redirect(url_for('auth.login'))