import os
from flask import Flask, render_template, request, redirect, url_for, session, jsonify, flash
from pam import pam
import subprocess
from dotenv import load_dotenv

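load_dotenv()

app = Flask(__name__)

# The secret key signs the session cookie, and that cookie is the only proof
# that a request comes from a PAM-authenticated user. Anyone who learns the
# key can forge a session for any account name.
_configured_key = os.environ.get("FLASK_SECRET_KEY")
if _configured_key:
    app.secret_key = _configured_key
else:
    # Unset or empty variable: fall back to a random per-process key so that
    # sessions work at all. Every restart then invalidates all sessions, and
    # several worker processes would not accept each other's cookies.
    app.secret_key = os.urandom(32)
    app.logger.warning(
        "FLASK_SECRET_KEY is not set; using a random per-process session key"
    )

# Keep the session cookie off cross-site POST requests, so another site
# cannot trigger /api/screen_action from a logged-in browser.
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"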


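def _is_safe_account_name(user):
    """Return True if *user* can be passed to ``sudo -u`` as a literal account name."""
    if not isinstance(user, str) or not user:
        return False
    # A leading '-' looks like an option; a leading '#' is sudo's syntax for
    # "run as this numeric uid" rather than as a named account.
    if user[0] in "-#":
        return False
    return user.isprintable() and not any(ch.isspace() for ch in user)


def _parse_screen_listing(output):
    """Turn the text printed by ``screen -ls`` into a list of session dicts."""
    screens = []
    for line in output.splitlines():
        # Session rows are the tab-indented ones that contain "<pid>.<name>".
        if '\t' not in line or '.' not in line:
            continue
        fields = line.strip().split('\t')
        # The identifier is the FIRST field. screen separates its columns with
        # tabs ("\t12345.name\t(Detached)"), so the last field is the status;
        # taking the first space-separated token also covers a row written
        # as "\t12345.name (Detached)".
        session_id_part = fields[0].strip().split(' ')[0]
        if '.' not in session_id_part:
            continue
        sid, name = session_id_part.split('.', 1)
        status = "attached" if "(Attached)" in line else "detached"
        screens.append({
            'sid': sid,
            'name': name,
            'status': status
        })
    return screens


def get_user_screens(user):
    """List the screen sessions of *user* by running ``screen -ls`` as that user.

    Args:
        user: Account name to list sessions for. It is handed to ``sudo -u``,
            so it is checked before any process is started.

    Returns:
        A list of dicts with the keys ``sid``, ``name`` and ``status``
        (``"attached"`` or ``"detached"``). An empty list is returned when
        the name is rejected, the command fails or times out, or nothing
        could be parsed.
    """
    if not _is_safe_account_name(user):
        return []
    try:
        result = subprocess.run(
            # -n: never prompt for a password (fail instead of blocking);
            # --: everything after it is the command, not a sudo option.
            ['sudo', '-n', '-u', user, '--', 'screen', '-ls'],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            timeout=3
        )
        # Session names are chosen by the user; do not let odd bytes abort the listing.
        output = result.stdout.decode(errors="replace")
        return _parse_screen_listing(output)
    except Exception as e:
        # Best effort: the dashboard shows an empty list rather than an error.
        print("Fehler bei get_user_screens:", str(e))
        return []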

@app.route("/", methods=['GET'])
def root():
    """Send logged-in visitors to the dashboard and everyone else to the login form."""
    target = "dashboard" if "user" in session else "login"
    return redirect(url_for(target))

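@app.route("/login", methods=['GET', 'POST'])
def login():
    """Show the login form and, on POST, check the credentials against PAM.

    On success the account name is stored in the session under ``user``;
    every later ``sudo -u`` call in this app runs as that name. On failure
    the form is rendered again with a flashed message.
    """
    if request.method == "POST":
        username = request.form.get("username", "")
        password = request.form.get("password", "")
        # The name ends up as the argument of `sudo -u`. Refuse forms that
        # sudo would not read as a plain account name ('#' selects a numeric
        # uid, '-' looks like an option) before asking PAM at all.
        name_ok = bool(username) and username[0] not in "-#"
        if name_ok and pam().authenticate(username, password):
            # Start from an empty session so nothing set before
            # authentication carries over into the logged-in state.
            session.clear()
            session['user'] = username
            return redirect(url_for("dashboard"))
        # NOTE(review): this handler does not throttle attempts itself; any
        # lockout has to come from the PAM configuration or a front-end proxy.
        flash("Login fehlgeschlagen! Nutzername oder Passwort falsch.")
    return render_template("login.html")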

@app.route("/logout")
def logout():
    """Forget the logged-in user and return to the login page."""
    login_page = url_for("login")
    # pop() with a default keeps this safe when nobody is logged in.
    session.pop("user", None)
    return redirect(login_page)

@app.route("/dashboard")
def dashboard():
    """Render the dashboard for the logged-in user, or redirect to the login page."""
    try:
        current_user = session["user"]
    except KeyError:
        # No authenticated user in the session.
        return redirect(url_for("login"))
    return render_template("index.html", user=current_user)

@app.route("/api/screens")
def api_screens():
    """Return the logged-in user's screen sessions as JSON, or 401 without a login."""
    if "user" in session:
        # The account name comes from the signed session, never from the request.
        return jsonify(get_user_screens(session["user"]))
    return jsonify({"error": "not authenticated"}), 401

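@app.route("/api/screen_action", methods=["POST"])
def api_screen_action():
    """Stop one of the logged-in user's screen sessions.

    Expects a JSON object with ``sid`` (numeric session id), ``name``
    (session name) and ``action`` (``"stop"`` or ``"restart"``).

    Returns:
        ``{"success": true}`` when ``screen`` exited with status 0,
        401 without a login, 400 for a malformed request and 500 when the
        command fails. ``"restart"`` currently only stops the session,
        because no start command is configured.
    """
    if "user" not in session:
        return jsonify({"error": "not authenticated"}), 401
    user = session["user"]
    # The name becomes the argument of `sudo -u`; '#' would select a numeric
    # uid and '-' looks like an option, so neither is accepted here.
    if not isinstance(user, str) or not user or user[0] in "-#":
        return jsonify({"error": "not authenticated"}), 401

    # silent=True: a missing or malformed JSON body becomes a 400 below.
    # The JSON content type is still required, which a cross-site HTML form
    # cannot send.
    payload = request.get_json(silent=True)
    if not isinstance(payload, dict):
        return jsonify({"error": "bad request"}), 400
    sid = payload.get("sid")
    name = payload.get("name")
    action = payload.get("action")

    # Safety check: all three fields are required and the action is allowlisted.
    if not sid or not name or action not in ("stop", "restart"):
        return jsonify({"error": "bad request"}), 400

    # JSON can carry any type; accept only the shapes /api/screens hands out.
    if isinstance(sid, bool) or not isinstance(sid, (str, int)):
        return jsonify({"error": "bad request"}), 400
    sid = str(sid)
    if any(ch not in "0123456789" for ch in sid):
        return jsonify({"error": "bad request"}), 400
    if (
        not isinstance(name, str)
        or not name.isprintable()
        or any(ch.isspace() for ch in name)
    ):
        return jsonify({"error": "bad request"}), 400

    # Starts with digits, so screen cannot mistake it for an option.
    screen_session = f"{sid}.{name}"

    try:
        result = subprocess.run(
            # -n: never prompt for a password; --: end of sudo's own options.
            ['sudo', '-n', '-u', user, '--', 'screen', '-S', screen_session, '-X', 'quit'],
            stdout=subprocess.PIPE,
            stderr=subprocess.PIPE,
            timeout=3
        )
        if result.returncode != 0:
            # Do not report success when screen or sudo refused the request.
            app.logger.warning(
                "screen quit for %r as %r exited with %s: %s",
                screen_session,
                user,
                result.returncode,
                result.stderr.decode(errors="replace").strip(),
            )
            return jsonify({"error": "screen command failed"}), 500
        # Restart only on request, and ONLY once the start command is known.
        if action == "restart":
            # Fill in the start command for your own setup; if it is ever
            # built from request data, pass it as an argument list, not
            # through a shell.
            pass
        return jsonify({"success": True})
    except Exception:
        # Details stay in the server log; exception text can reveal paths
        # and command lines, so the client gets a generic message.
        app.logger.exception("screen action failed")
        return jsonify({"error": "internal error"}), 500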

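if __name__ == "__main__":
    # Debug mode serves Werkzeug's interactive debugger, which can execute
    # arbitrary Python in this process. It is therefore off unless
    # FLASK_DEBUG asks for it, and then the server listens on loopback only.
    debug_enabled = os.environ.get("FLASK_DEBUG", "").strip().lower() in (
        "1", "true", "yes", "on"
    )
    bind_host = "127.0.0.1" if debug_enabled else "0.0.0.0"
    # NOTE: the development server speaks plain HTTP, so system passwords and
    # the session cookie cross the network unencrypted. Put a TLS-terminating
    # reverse proxy in front of it for anything beyond local testing.
    app.run(host=bind_host, port=5000, debug=debug_enabled)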