# -*- coding: utf-8 -*-
import sqlite3
#all the imports
from flask import Flask, request, session, g, redirect, url_for, \
	 abort, render_template, flash, _app_ctx_stack
from functools import wraps
import hashlib

# configuration
app = Flask(__name__)
app.config.from_envvar('CONF')

def query_db(query, args=(), one=False):
    cur = g.db.execute(query, args)
    rv = cur.fetchone() if one else cur.fetchall()
    cur.close()
    return rv

@app.before_request
def before_request():
    conn = sqlite3.connect(app.config['DATABASE'])
    conn.row_factory = sqlite3.Row 
    g.db = conn

@app.teardown_appcontext
def close_db_connection(exception):
    """Closes the database again at the end of the request."""
    g.db.close()

def login_required(f):
    @wraps(f)
    def decorated_function(*args, **kwargs):
        if 'user_name' not in session:
            return redirect(url_for('login', next=request.url))
        return f(*args, **kwargs)
    return decorated_function

@app.route('/')
@app.route('/news/')
@login_required
def list_news():
    news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id")
    return render_template("news/list.html", news=news)

@app.route('/news/add/', methods=['GET', 'POST'])
@login_required
def add_news():
    if request.method == 'POST':
        cur = g.db.execute("INSERT INTO news ('title', 'content', 'user_id') "
                           "VALUES (?, ?, ?)",
                           (request.form['title'], request.form['content'],
                            session['user_id']))
        news_id = cur.lastrowid
        g.db.commit()
        return redirect(url_for('show_news', news_id=news_id))
    elif request.method == 'GET':
        return render_template("news/add.html")

@app.route('/news/<int:news_id>/', methods=['GET', 'POST'])
@login_required
def show_news(news_id):
    news = query_db("SELECT * FROM news LEFT JOIN users ON news.user_id = users.id "
                    "WHERE news.id = ?", (news_id,), True)
    if request.method == 'GET':
        comments = query_db("SELECT * FROM comments LEFT JOIN users "
                            "ON comments.user_id = users.id "
                            "WHERE comments.news_id = ?", (news_id,))
        return render_template("news/show.html", news=news, comments=comments)
    elif request.method == 'POST':
        user_id = session['user_id']
        content = request.form['content']
        g.db.execute("INSERT INTO comments ('user_id', 'content', 'news_id') "
                     "VALUES (?, ?, ?)", (user_id, content, news_id))
        g.db.commit()
        return redirect(url_for('show_news', news_id=news_id))
        
@app.route('/login/', methods=['GET', 'POST'])
def login():
    if 'user_name' in session:
        return redirect(url_for('list_news'))

    error = None
    if request.method == 'POST':
        username = request.form['username']
        password = hashlib.md5(request.form['password']).hexdigest();
        user = query_db('select * from users where name = ?', (username,), True)
        if user:
            if user['password'] == password:
                session['user_name'] = user['name']
                session['user_id'] = user['id']
                return redirect(url_for('list_news'))
            else:
                error = u'Mot de passe incorrect'
        else:
            error = u'Utilisateur non enregistré'
    return render_template('login.html', error=error)

@app.route('/logout/')
@login_required
def logout():
    session.pop('user_name', None)
    session.pop('user_id', None)
    return redirect(url_for('login'))

if __name__=="__main__":
    app.run()