from fastapi import APIRouter, HTTPException, Depends
from pymongo import UpdateOne

from database import events_collection
from graph.audit_logs import fetch_audit_logs
from sources.unified_audit import fetch_unified_audit
from sources.intune_audit import fetch_intune_audit
from models.event_model import normalize_event
from auth import require_auth

router = APIRouter(dependencies=[Depends(require_auth)])


def run_fetch(hours: int = 168):
    window = max(1, min(hours, 720))  # cap to 30 days for sanity
    logs = []
    errors = []

    def fetch_source(fn, label):
        try:
            return fn(hours=window)
        except Exception as exc:
            errors.append(f"{label}: {exc}")
            return []

    logs.extend(fetch_source(fetch_audit_logs, "Directory audit"))
    logs.extend(fetch_source(fetch_unified_audit, "Unified audit (Exchange/SharePoint/Teams)"))
    logs.extend(fetch_source(fetch_intune_audit, "Intune audit"))

    normalized = [normalize_event(e) for e in logs]
    if normalized:
        ops = []
        for doc in normalized:
            key = doc.get("dedupe_key")
            if key:
                ops.append(UpdateOne({"dedupe_key": key}, {"$set": doc}, upsert=True))
            else:
                ops.append(UpdateOne({"id": doc.get("id"), "timestamp": doc.get("timestamp")}, {"$set": doc}, upsert=True))
        events_collection.bulk_write(ops, ordered=False)
    return {"stored_events": len(normalized), "errors": errors}


@router.get("/fetch-audit-logs")
def fetch_logs(hours: int = 168):
    try:
        return run_fetch(hours=hours)
    except Exception as exc:
        raise HTTPException(status_code=502, detail=str(exc)) from exc