"""
Auth request/response schemas.
"""
from pydantic import BaseModel
from typing import Optional, List


class Token(BaseModel):
    access_token: str
    token_type: str = "bearer"
    refresh_token: Optional[str] = None
    expires_in: Optional[int] = None  # seconds until access token expiry
    user: Optional[dict] = None


class CreateUserRequest(BaseModel):
    username: str
    password: str
    roles: List[str] = []


class CreateRoleRequest(BaseModel):
    """Request body for creating a new role (admin only)."""
    role_name: str


class UpdateUserRequest(BaseModel):
    """Request body for updating a user (admin only). Optional password reset."""
    password: Optional[str] = None


class RefreshTokenRequest(BaseModel):
    refresh_token: str


class UserInfo(BaseModel):
    id: Optional[int] = None
    username: str
    roles: List[str] = []
    groups: List[str] = []
    is_admin: bool = False
    is_super_admin: bool = False
    primary_role: Optional[str] = None
    first_name: Optional[str] = None
    last_name: Optional[str] = None
    full_name: Optional[str] = None
    email: Optional[str] = None
    job_title: Optional[str] = None
    organization: Optional[str] = None
    phone: Optional[str] = None
    mobile_phone: Optional[str] = None
    enabled: Optional[bool] = None