"""
PodcastItLater Web Service.

Web frontend for converting articles to podcast episodes.
Provides ludic + htmx interface and RSS feed generation.
"""

# : out podcastitlater-web
# : dep ludic
# : dep feedgen
# : dep httpx
# : dep itsdangerous
# : dep uvicorn
# : dep pytest
# : dep pytest-asyncio
# : dep pytest-mock
# : dep starlette
# : dep stripe
import Biz.EmailAgent
import Biz.PodcastItLater.Admin as Admin
import Biz.PodcastItLater.Billing as Billing
import Biz.PodcastItLater.Core as Core
import Biz.PodcastItLater.UI as UI
import html as html_module
import httpx
import logging
import ludic.html as html
import Omni.App as App
import Omni.Log as Log
import Omni.Test as Test
import os
import pathlib
import re
import sys
import tempfile
import typing
import urllib.parse
import uvicorn
from datetime import datetime
from datetime import timezone
from feedgen.feed import FeedGenerator  # type: ignore[import-untyped]
from itsdangerous import URLSafeTimedSerializer
from ludic.attrs import Attrs
from ludic.components import Component
from ludic.types import AnyChildren
from ludic.web import LudicApp
from ludic.web import Request
from ludic.web.datastructures import FormData
from ludic.web.responses import Response
from starlette.middleware.sessions import SessionMiddleware
from starlette.responses import RedirectResponse
from starlette.testclient import TestClient
from typing import override

logger = logging.getLogger(__name__)
Log.setup(logger)


# Configuration
area = App.from_env()
BASE_URL = os.getenv("BASE_URL", "http://localhost:8000")
PORT = int(os.getenv("PORT", "8000"))

# Authentication configuration
MAGIC_LINK_MAX_AGE = 3600  # 1 hour
SESSION_MAX_AGE = 30 * 24 * 3600  # 30 days
EMAIL_FROM = os.getenv("EMAIL_FROM", "noreply@podcastitlater.com")
SMTP_SERVER = os.getenv("SMTP_SERVER", "smtp.mailgun.org")
SMTP_PASSWORD = os.getenv("SMTP_PASSWORD", "")

# Initialize serializer for magic links
magic_link_serializer = URLSafeTimedSerializer(
    os.getenv("SECRET_KEY", "dev-secret-key"),
)


RSS_CONFIG = {
    "author": "PodcastItLater",
    "language": "en-US",
    "base_url": BASE_URL,
}


def extract_og_metadata(url: str) -> tuple[str | None, str | None]:
    """Extract Open Graph title and author from URL.

    Returns:
        tuple: (title, author) - both may be None if extraction fails
    """
    try:
        # Use httpx to fetch the page with a timeout
        response = httpx.get(url, timeout=10.0, follow_redirects=True)
        response.raise_for_status()

        # Simple regex-based extraction to avoid heavy dependencies
        html_content = response.text

        # Extract og:title
        title_match = re.search(
            r'<meta\s+(?:property|name)=["\']og:title["\']\s+content=["\'](.*?)["\']',
            html_content,
            re.IGNORECASE,
        )
        title = title_match.group(1) if title_match else None

        # Extract author - try article:author first, then og:site_name
        author_match = re.search(
            r'<meta\s+(?:property|name)=["\']article:author["\']\s+content=["\'](.*?)["\']',
            html_content,
            re.IGNORECASE,
        )
        if not author_match:
            author_match = re.search(
                r'<meta\s+(?:property|name)=["\']og:site_name["\']\s+content=["\'](.*?)["\']',
                html_content,
                re.IGNORECASE,
            )
        author = author_match.group(1) if author_match else None

        # Clean up HTML entities
        if title:
            title = html_module.unescape(title)
        if author:
            author = html_module.unescape(author)

    except (httpx.HTTPError, httpx.TimeoutException, re.error) as e:
        logger.warning("Failed to extract metadata from %s: %s", url, e)
        return None, None
    else:
        return title, author


def send_magic_link(email: str, token: str) -> None:
    """Send magic link email to user."""
    subject = "Login to PodcastItLater"

    # Create temporary file for email body
    with tempfile.NamedTemporaryFile(
        mode="w",
        suffix=".txt",
        delete=False,
        encoding="utf-8",
    ) as f:
        body_text_path = pathlib.Path(f.name)

    # Create email body
    magic_link = f"{BASE_URL}/auth/verify?token={token}"
    body_text_path.write_text(f"""
Hello,

Click this link to login to PodcastItLater:
{magic_link}

This link will expire in 1 hour.

If you didn't request this, please ignore this email.

Best,
PodcastItLater
""")

    try:
        Biz.EmailAgent.send_email(
            to_addrs=[email],
            from_addr=EMAIL_FROM,
            smtp_server=SMTP_SERVER,
            password=SMTP_PASSWORD,
            subject=subject,
            body_text=body_text_path,
        )
    finally:
        # Clean up temporary file
        body_text_path.unlink(missing_ok=True)


class LoginFormAttrs(Attrs):
    """Attributes for LoginForm component."""

    error: str | None


class LoginForm(Component[AnyChildren, LoginFormAttrs]):
    """Simple email-based login/registration form."""

    @override
    def render(self) -> html.div:
        error = self.attrs.get("error")
        is_dev_mode = App.from_env() == App.Area.Test

        return html.div(
            # Dev mode banner
            html.div(
                html.div(
                    html.i(classes=["bi", "bi-info-circle", "me-2"]),
                    html.strong("Dev/Test Mode: "),
                    "Use ",
                    html.code(
                        "demo@example.com",
                        classes=["text-dark", "mx-1"],
                    ),
                    " for instant login",
                    classes=[
                        "alert",
                        "alert-info",
                        "d-flex",
                        "align-items-center",
                        "mb-3",
                    ],
                ),
            )
            if is_dev_mode
            else html.div(),
            html.div(
                html.div(
                    html.h4(
                        html.i(classes=["bi", "bi-envelope-fill", "me-2"]),
                        "Login / Register",
                        classes=["card-title", "mb-3"],
                    ),
                    html.form(
                        html.div(
                            html.label(
                                "Email address",
                                for_="email",
                                classes=["form-label"],
                            ),
                            html.input(
                                type="email",
                                id="email",
                                name="email",
                                placeholder="your@email.com",
                                value="demo@example.com" if is_dev_mode else "",
                                required=True,
                                classes=["form-control", "mb-3"],
                            ),
                        ),
                        html.button(
                            html.i(
                                classes=["bi", "bi-arrow-right-circle", "me-2"],
                            ),
                            "Continue",
                            type="submit",
                            classes=["btn", "btn-primary", "w-100"],
                        ),
                        hx_post="/login",
                        hx_target="#login-result",
                        hx_swap="innerHTML",
                    ),
                    html.div(
                        error or "",
                        id="login-result",
                        classes=["mt-3"],
                    ),
                    classes=["card-body"],
                ),
                classes=["card"],
            ),
            classes=["mb-4"],
        )


class SubmitForm(Component[AnyChildren, Attrs]):
    """Article submission form with HTMX."""

    @override
    def render(self) -> html.div:
        return html.div(
            html.div(
                html.div(
                    html.h4(
                        html.i(classes=["bi", "bi-file-earmark-plus", "me-2"]),
                        "Submit Article",
                        classes=["card-title", "mb-3"],
                    ),
                    html.form(
                        html.div(
                            html.label(
                                "Article URL",
                                for_="url",
                                classes=["form-label"],
                            ),
                            html.div(
                                html.input(
                                    type="url",
                                    id="url",
                                    name="url",
                                    placeholder="https://example.com/article",
                                    required=True,
                                    classes=["form-control"],
                                    on_focus="this.select()",
                                ),
                                html.button(
                                    html.i(classes=["bi", "bi-send-fill"]),
                                    type="submit",
                                    classes=["btn", "btn-primary"],
                                ),
                                classes=["input-group", "mb-3"],
                            ),
                        ),
                        hx_post="/submit",
                        hx_target="#submit-result",
                        hx_swap="innerHTML",
                        hx_on=(
                            "htmx:afterRequest: "
                            "if(event.detail.successful) "
                            "document.getElementById('url').value = ''"
                        ),
                    ),
                    html.div(id="submit-result", classes=["mt-2"]),
                    classes=["card-body"],
                ),
                classes=["card"],
            ),
            classes=["mb-4"],
        )


class QueueStatusAttrs(Attrs):
    """Attributes for QueueStatus component."""

    items: list[dict[str, typing.Any]]


class QueueStatus(Component[AnyChildren, QueueStatusAttrs]):
    """Display queue items with auto-refresh."""

    @override
    def render(self) -> html.div:
        items = self.attrs["items"]
        if not items:
            return html.div(
                html.h4(
                    html.i(classes=["bi", "bi-list-check", "me-2"]),
                    "Queue Status",
                    classes=["mb-3"],
                ),
                html.p("No items in queue", classes=["text-muted"]),
            )

        # Map status to Bootstrap badge classes
        status_classes = {
            "pending": "bg-warning text-dark",
            "processing": "bg-primary",
            "error": "bg-danger",
            "cancelled": "bg-secondary",
        }

        status_icons = {
            "pending": "bi-clock",
            "processing": "bi-arrow-repeat",
            "error": "bi-exclamation-triangle",
            "cancelled": "bi-x-circle",
        }

        queue_items = []
        for item in items:
            badge_class = status_classes.get(item["status"], "bg-secondary")
            icon_class = status_icons.get(item["status"], "bi-question-circle")

            queue_items.append(
                html.div(
                    html.div(
                        html.div(
                            html.strong(f"#{item['id']}", classes=["me-2"]),
                            html.span(
                                html.i(classes=["bi", icon_class, "me-1"]),
                                item["status"].upper(),
                                classes=["badge", badge_class],
                            ),
                            classes=[
                                "d-flex",
                                "align-items-center",
                                "justify-content-between",
                            ],
                        ),
                        # Add title and author if available
                        *(
                            [
                                html.div(
                                    html.strong(
                                        item["title"],
                                        classes=["d-block"],
                                    ),
                                    html.small(
                                        f"by {item['author']}",
                                        classes=["text-muted"],
                                    )
                                    if item.get("author")
                                    else html.span(),
                                    classes=["mt-2"],
                                ),
                            ]
                            if item.get("title")
                            else []
                        ),
                        html.small(
                            html.i(classes=["bi", "bi-link-45deg", "me-1"]),
                            item["url"][: Core.URL_TRUNCATE_LENGTH]
                            + (
                                "..."
                                if len(item["url"]) > Core.URL_TRUNCATE_LENGTH
                                else ""
                            ),
                            classes=["text-muted", "d-block", "mt-2"],
                        ),
                        html.small(
                            html.i(classes=["bi", "bi-calendar", "me-1"]),
                            f"Created: {item['created_at']}",
                            classes=["text-muted", "d-block", "mt-1"],
                        ),
                        *(
                            [
                                html.div(
                                    html.i(
                                        classes=[
                                            "bi",
                                            "bi-exclamation-circle",
                                            "me-1",
                                        ],
                                    ),
                                    f"Error: {item['error_message']}",
                                    classes=[
                                        "alert",
                                        "alert-danger",
                                        "mt-2",
                                        "mb-0",
                                        "py-1",
                                        "px-2",
                                        "small",
                                    ],
                                ),
                            ]
                            if item["error_message"]
                            else []
                        ),
                        # Add cancel button for pending jobs, remove for others
                        html.div(
                            html.button(
                                html.i(classes=["bi", "bi-x-lg", "me-1"]),
                                "Cancel",
                                hx_post=f"/queue/{item['id']}/cancel",
                                hx_trigger="click",
                                hx_on=(
                                    "htmx:afterRequest: "
                                    "if(event.detail.successful) "
                                    "htmx.trigger('body', 'queue-updated')"
                                ),
                                classes=[
                                    "btn",
                                    "btn-sm",
                                    "btn-outline-danger",
                                    "mt-2",
                                ],
                            )
                            if item["status"] == "pending"
                            else html.button(
                                html.i(classes=["bi", "bi-trash", "me-1"]),
                                "Remove",
                                hx_delete=f"/queue/{item['id']}",
                                hx_trigger="click",
                                hx_confirm="Remove this item from the queue?",
                                hx_on=(
                                    "htmx:afterRequest: "
                                    "if(event.detail.successful) "
                                    "htmx.trigger('body', 'queue-updated')"
                                ),
                                classes=[
                                    "btn",
                                    "btn-sm",
                                    "btn-outline-secondary",
                                    "mt-2",
                                ],
                            ),
                            classes=["mt-2"],
                        ),
                        classes=["card-body"],
                    ),
                    classes=["card", "mb-2"],
                ),
            )

        return html.div(
            html.h4(
                html.i(classes=["bi", "bi-list-check", "me-2"]),
                "Queue Status",
                classes=["mb-3"],
            ),
            *queue_items,
        )


class EpisodeListAttrs(Attrs):
    """Attributes for EpisodeList component."""

    episodes: list[dict[str, typing.Any]]
    rss_url: str | None


class EpisodeList(Component[AnyChildren, EpisodeListAttrs]):
    """List recent episodes (no audio player - use podcast app)."""

    @override
    def render(self) -> html.div:
        episodes = self.attrs["episodes"]
        rss_url = self.attrs.get("rss_url")

        if not episodes:
            return html.div(
                html.h4(
                    html.i(classes=["bi", "bi-broadcast", "me-2"]),
                    "Recent Episodes",
                    classes=["mb-3"],
                ),
                html.p("No episodes yet", classes=["text-muted"]),
            )

        episode_items = []
        for episode in episodes:
            duration_str = UI.format_duration(episode.get("duration"))
            episode_items.append(
                html.div(
                    html.div(
                        html.h5(
                            episode["title"],
                            classes=["card-title", "mb-2"],
                        ),
                        # Show author if available
                        html.p(
                            html.i(classes=["bi", "bi-person", "me-1"]),
                            f"by {episode['author']}",
                            classes=["text-muted", "small", "mb-3"],
                        )
                        if episode.get("author")
                        else html.div(),
                        html.div(
                            html.small(
                                html.i(classes=["bi", "bi-clock", "me-1"]),
                                f"Duration: {duration_str}",
                                classes=["text-muted", "me-3"],
                            ),
                            html.small(
                                html.i(classes=["bi", "bi-calendar", "me-1"]),
                                f"Created: {episode['created_at']}",
                                classes=["text-muted"],
                            ),
                            classes=["mb-2"],
                        ),
                        # Show link to original article if available
                        html.div(
                            html.a(
                                html.i(classes=["bi", "bi-link-45deg", "me-1"]),
                                "View original article",
                                href=episode["original_url"],
                                target="_blank",
                                classes=[
                                    "btn",
                                    "btn-sm",
                                    "btn-outline-primary",
                                ],
                            ),
                        )
                        if episode.get("original_url")
                        else html.div(),
                        classes=["card-body"],
                    ),
                    classes=["card", "mb-3"],
                ),
            )

        return html.div(
            html.h4(
                html.i(classes=["bi", "bi-broadcast", "me-2"]),
                "Recent Episodes",
                classes=["mb-3"],
            ),
            # RSS feed link with copy-to-clipboard
            html.div(
                html.div(
                    html.i(classes=["bi", "bi-rss-fill", "me-2"]),
                    html.strong("Subscribe in your podcast app: "),
                    html.a(
                        rss_url or "",
                        href="#",
                        id="rss-link",
                        on_click=f"navigator.clipboard.writeText('{rss_url}'); "
                        "document.getElementById('copy-feedback').classList.remove('d-none'); "  # noqa: E501
                        "setTimeout(() => document.getElementById('copy-feedback').classList.add('d-none'), 2000); "  # noqa: E501
                        "return false;",
                        classes=[
                            "text-decoration-none",
                            "text-truncate",
                            "d-inline-block",
                        ],
                    ),
                    html.span(
                        " ✓ Copied!",
                        id="copy-feedback",
                        classes=["text-success", "small", "d-none"],
                    ),
                    classes=["mb-3"],
                ),
            )
            if rss_url
            else html.div(),
            *episode_items,
        )


class HomePageAttrs(Attrs):
    """Attributes for HomePage component."""

    queue_items: list[dict[str, typing.Any]]
    episodes: list[dict[str, typing.Any]]
    user: dict[str, typing.Any] | None
    error: str | None


class HomePage(Component[AnyChildren, HomePageAttrs]):
    """Main page combining all components."""

    @staticmethod
    def _render_plan_callout(
        user: dict[str, typing.Any],
    ) -> html.div:
        """Render plan info callout box below navbar."""
        tier = user.get("plan_tier", "free")

        if tier == "free":
            # Get usage and show quota
            period_start, period_end = Billing.get_period_boundaries(user)
            usage = Billing.get_usage(user["id"], period_start, period_end)
            articles_used = usage["articles"]
            articles_limit = 10
            articles_left = max(0, articles_limit - articles_used)

            return html.div(
                html.div(
                    html.div(
                        html.i(
                            classes=[
                                "bi",
                                "bi-info-circle-fill",
                                "me-2",
                            ],
                        ),
                        html.strong(f"{articles_left} articles remaining"),
                        " of your free plan limit. ",
                        html.br(),
                        "Upgrade to ",
                        html.strong("Paid Plan"),
                        " for unlimited articles at $12/month.",
                    ),
                    html.form(
                        html.input(
                            type="hidden",
                            name="tier",
                            value="paid",
                        ),
                        html.button(
                            html.i(
                                classes=[
                                    "bi",
                                    "bi-arrow-up-circle",
                                    "me-1",
                                ],
                            ),
                            "Upgrade Now",
                            type="submit",
                            classes=[
                                "btn",
                                "btn-success",
                                "btn-sm",
                                "mt-2",
                            ],
                        ),
                        method="post",
                        action="/billing/checkout",
                    ),
                    classes=[
                        "alert",
                        "alert-info",
                        "d-flex",
                        "justify-content-between",
                        "align-items-center",
                        "mb-4",
                    ],
                ),
                classes=["mb-4"],
            )
        # Paid user - no callout needed
        return html.div()

    @override
    def render(self) -> html.html:
        queue_items = self.attrs["queue_items"]
        episodes = self.attrs["episodes"]
        user = self.attrs.get("user")

        return html.html(
            html.head(
                html.meta(charset="utf-8"),
                html.meta(
                    name="viewport",
                    content="width=device-width, initial-scale=1",
                ),
                html.meta(
                    name="color-scheme",
                    content="light dark",
                ),
                html.title("PodcastItLater"),
                html.script(
                    src="https://unpkg.com/htmx.org@1.9.10",
                    integrity="sha384-D1Kt99CQMDuVetoL1lrYwg5t+9QdHe7NLX/SoJYkXDFfX37iInKRy5xLSi8nO7UC",
                    crossorigin="anonymous",
                ),
            ),
            html.body(
                html.style(
                    "@import url('https://cdn.jsdelivr.net/npm/bootstrap@5.3.2"
                    "/dist/css/bootstrap.min.css');"
                    "@import url('https://cdn.jsdelivr.net/npm/bootstrap-icons"
                    "@1.11.3/font/bootstrap-icons.min.css');",
                ),
                # Auto dark mode CSS (must come after Bootstrap)
                UI.create_auto_dark_mode_style(),
                # Bootstrap container
                html.div(
                    # Header
                    html.div(
                        html.h1(
                            "PodcastItLater",
                            classes=["display-4", "mb-2"],
                        ),
                        html.p(
                            "Convert web articles to podcast episodes",
                            classes=["lead", "text-muted"],
                        ),
                        classes=["text-center", "mb-4", "pt-4"],
                    ),
                    # Error alert
                    html.div(
                        html.div(
                            html.i(
                                classes=[
                                    "bi",
                                    "bi-exclamation-triangle-fill",
                                    "me-2",
                                ],
                            ),
                            self.attrs.get("error", "") or "",
                            classes=[
                                "alert",
                                "alert-danger",
                                "d-flex",
                                "align-items-center",
                            ],
                            role="alert",  # type: ignore[call-arg]
                        ),
                    )
                    if self.attrs.get("error")
                    else html.div(),
                    # User info navbar
                    html.nav(
                        html.div(
                            # Hamburger toggle button (right side)
                            html.button(  # type: ignore[call-arg]
                                html.span(classes=["navbar-toggler-icon"]),
                                classes=["navbar-toggler", "ms-auto"],
                                type="button",
                                data_bs_toggle="collapse",
                                data_bs_target="#navbarNav",
                                aria_controls="navbarNav",
                                aria_expanded="false",
                                aria_label="Toggle navigation",
                            ),
                            # Collapsible content
                            html.div(
                                # Navigation links
                                html.ul(
                                    html.li(
                                        html.a(
                                            html.i(
                                                classes=[
                                                    "bi",
                                                    "bi-person-circle",
                                                    "me-1",
                                                ],
                                            ),
                                            "Manage Account",
                                            href="/account",
                                            classes=["nav-link"],
                                        ),
                                        classes=["nav-item"],
                                    ),
                                    html.li(
                                        html.a(
                                            html.i(
                                                classes=[
                                                    "bi",
                                                    "bi-gear-fill",
                                                    "me-1",
                                                ],
                                            ),
                                            "Admin Queue",
                                            href="/admin",
                                            classes=["nav-link"],
                                        ),
                                        classes=["nav-item"],
                                    )
                                    if Core.is_admin(user)
                                    else html.span(),
                                    classes=["navbar-nav"],
                                ),
                                id="navbarNav",
                                classes=["collapse", "navbar-collapse"],
                            ),
                            classes=["container-fluid"],
                        ),
                        classes=[
                            "navbar",
                            "navbar-expand-lg",
                            "bg-body-tertiary",
                            "rounded",
                            "mb-4",
                        ],
                    )
                    if user
                    else LoginForm(error=self.attrs.get("error")),
                    # Plan info callout (only for logged in users)
                    self._render_plan_callout(user) if user else html.div(),
                    # Main content (only if logged in)
                    html.div(
                        SubmitForm(),
                        html.div(
                            QueueStatus(items=queue_items),
                            EpisodeList(
                                episodes=episodes,
                                rss_url=f"{BASE_URL}/feed/{user['token']}.xml"
                                if user
                                else None,
                            ),
                            id="dashboard-content",
                            hx_get="/dashboard-updates",
                            hx_trigger="every 3s, queue-updated from:body",
                            hx_swap="innerHTML",
                        ),
                    )
                    if user
                    else html.div(),
                    classes=["container", "px-3", "px-md-4"],
                    style={"max-width": "900px"},
                ),
                # Bootstrap JS bundle
                html.script(
                    src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js",
                    integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL",
                    crossorigin="anonymous",
                ),
            ),
        )


# Create ludic app with session support
app = LudicApp()
app.add_middleware(
    SessionMiddleware,
    secret_key=os.getenv("SESSION_SECRET", "dev-secret-key"),
    max_age=SESSION_MAX_AGE,  # 30 days
    same_site="lax",
    https_only=App.from_env() == App.Area.Live,  # HTTPS only in production
)


@app.get("/")
def index(request: Request) -> HomePage:
    """Display main page with form and status."""
    user_id = request.session.get("user_id")
    user = None
    queue_items = []
    episodes = []
    error = request.query_params.get("error")
    status = request.query_params.get("status")

    # Map error codes to user-friendly messages
    error_messages = {
        "invalid_link": "Invalid login link",
        "expired_link": "Login link has expired. Please request a new one.",
        "user_not_found": "User not found. Please try logging in again.",
        "forbidden": "Access denied. Admin privileges required.",
        "cancel": "Checkout cancelled.",
    }

    # Handle billing status messages
    if status == "success":
        error_message = None
    elif status == "cancel":
        error_message = error_messages["cancel"]
    else:
        error_message = error_messages.get(error) if error else None

    if user_id:
        user = Core.Database.get_user_by_id(user_id)
        if user:
            # Get user-specific queue items and episodes
            queue_items = Core.Database.get_user_queue_status(
                user_id,
            )
            episodes = Core.Database.get_user_recent_episodes(
                user_id,
                10,
            )

    return HomePage(
        queue_items=queue_items,
        episodes=episodes,
        user=user,
        error=error_message,
    )


def _handle_test_login(email: str, request: Request) -> Response:
    """Handle login in test mode."""
    # Special handling for demo account
    is_demo_account = email == "demo@example.com"

    user = Core.Database.get_user_by_email(email)
    if not user:
        # Create new user
        status = "active"
        user_id, token = Core.Database.create_user(email, status=status)
        user = {
            "id": user_id,
            "email": email,
            "token": token,
            "status": status,
        }
    elif is_demo_account and user.get("status") != "active":
        # Auto-activate demo account if it exists but isn't active
        Core.Database.update_user_status(user["id"], "active")
        user["status"] = "active"

    # Check if user is active
    if user.get("status") != "active":
        pending_message = (
            '<div class="alert alert-warning">'
            "Account created, currently pending. "
            'Email <a href="mailto:ben@bensima.com" '
            'class="alert-link">ben@bensima.com</a> '
            'or message <a href="https://x.com/bensima" '
            'target="_blank" class="alert-link">@bensima</a> '
            "to get your account activated.</div>"
        )
        return Response(pending_message, status_code=200)

    # Set session with extended lifetime
    request.session["user_id"] = user["id"]
    request.session["permanent"] = True

    return Response(
        '<div class="alert alert-success">✓ Logged in (dev mode)</div>',
        status_code=200,
        headers={"HX-Redirect": "/"},
    )


def _handle_production_login(email: str) -> Response:
    """Handle login in production mode."""
    pending_message = (
        '<div class="alert alert-warning">'
        "Account created, currently pending. "
        'Email <a href="mailto:ben@bensima.com" '
        'class="alert-link">ben@bensima.com</a> '
        'or message <a href="https://x.com/bensima" '
        'target="_blank" class="alert-link">@bensima</a> '
        "to get your account activated.</div>"
    )

    # Get or create user
    user = Core.Database.get_user_by_email(email)
    if not user:
        user_id, token = Core.Database.create_user(email)
        user = {
            "id": user_id,
            "email": email,
            "token": token,
            "status": "active",
        }

    # Check if user is active
    if user.get("status") != "active":
        return Response(pending_message, status_code=200)

    # Generate magic link token
    magic_token = magic_link_serializer.dumps({
        "user_id": user["id"],
        "email": email,
    })

    # Send email
    send_magic_link(email, magic_token)

    return Response(
        f'<div class="alert alert-success">✓ Magic link sent to {email}. '
        f"Check your email!</div>",
        status_code=200,
    )


@app.post("/login")
def login(request: Request, data: FormData) -> Response:
    """Handle login/registration."""
    try:
        email_raw = data.get("email", "")
        email = email_raw.strip().lower() if isinstance(email_raw, str) else ""

        if not email:
            return Response(
                '<div class="alert alert-danger">Email is required</div>',
                status_code=400,
            )

        area = App.from_env()

        if area == App.Area.Test:
            return _handle_test_login(email, request)
        return _handle_production_login(email)

    except Exception as e:
        logger.exception("Login error")
        return Response(
            f'<div class="alert alert-danger">Error: {e!s}</div>',
            status_code=500,
        )


@app.get("/auth/verify")
def verify_magic_link(request: Request) -> Response:
    """Verify magic link and log user in."""
    token = request.query_params.get("token")

    if not token:
        return RedirectResponse("/?error=invalid_link")

    try:
        # Verify token
        data = magic_link_serializer.loads(token, max_age=MAGIC_LINK_MAX_AGE)
        user_id = data["user_id"]

        # Verify user still exists
        user = Core.Database.get_user_by_id(user_id)
        if not user:
            return RedirectResponse("/?error=user_not_found")

        # Set session with extended lifetime
        request.session["user_id"] = user_id
        request.session["permanent"] = True

        return RedirectResponse("/")

    except (ValueError, KeyError):
        # Token is invalid or expired
        return RedirectResponse("/?error=expired_link")


@app.get("/account")
def account_page(request: Request) -> html.html | RedirectResponse:
    """Account management page."""
    user_id = request.session.get("user_id")
    if not user_id:
        return RedirectResponse(url="/?error=login_required")

    user = Core.Database.get_user_by_id(user_id)
    if not user:
        return RedirectResponse(url="/?error=user_not_found")

    # Get subscription details
    tier = user.get("plan_tier", "free")
    tier_info = Billing.get_tier_info(tier)
    subscription_status = user.get("subscription_status", "")
    cancel_at_period_end = user.get("cancel_at_period_end", 0) == 1

    return html.html(
        html.head(
            html.meta(charset="utf-8"),
            html.meta(
                name="viewport",
                content="width=device-width, initial-scale=1",
            ),
            html.meta(
                name="color-scheme",
                content="light dark",
            ),
            html.title("Account - PodcastItLater"),
            html.script(
                src="https://unpkg.com/htmx.org@1.9.10",
                integrity="sha384-D1Kt99CQMDuVetoL1lrYwg5t+9QdHe7NLX/SoJYkXDFfX37iInKRy5xLSi8nO7UC",
                crossorigin="anonymous",
            ),
        ),
        html.body(
            html.style(
                "@import url('https://cdn.jsdelivr.net/npm/bootstrap@5.3.2"
                "/dist/css/bootstrap.min.css');"
                "@import url('https://cdn.jsdelivr.net/npm/bootstrap-icons"
                "@1.11.3/font/bootstrap-icons.min.css');",
            ),
            UI.create_auto_dark_mode_style(),
            html.div(
                html.div(
                    html.h1(
                        html.i(
                            classes=["bi", "bi-person-circle", "me-2"],
                        ),
                        "Account Management",
                        classes=["mb-4"],
                    ),
                    html.div(
                        html.a(
                            html.i(
                                classes=["bi", "bi-arrow-left", "me-1"],
                            ),
                            "Back to Dashboard",
                            href="/",
                            classes=[
                                "btn",
                                "btn-outline-secondary",
                                "mb-4",
                            ],
                        ),
                    ),
                    # Account info section
                    html.div(
                        html.h4(
                            html.i(classes=["bi", "bi-envelope-fill", "me-2"]),
                            "Account Information",
                            classes=["card-header", "bg-transparent"],
                        ),
                        html.div(
                            html.div(
                                html.strong("Email: "),
                                user["email"],
                                classes=["mb-2"],
                            ),
                            html.div(
                                html.strong("Account Created: "),
                                user["created_at"],
                                classes=["mb-2"],
                            ),
                            classes=["card-body"],
                        ),
                        classes=["card", "mb-4"],
                    ),
                    # Subscription section
                    html.div(
                        html.h4(
                            html.i(
                                classes=["bi", "bi-credit-card-fill", "me-2"],
                            ),
                            "Subscription",
                            classes=["card-header", "bg-transparent"],
                        ),
                        html.div(
                            html.div(
                                html.strong("Plan: "),
                                tier_info["name"],
                                f" ({tier_info['price']})",
                                classes=["mb-2"],
                            ),
                            html.div(
                                html.strong("Status: "),
                                subscription_status.title()
                                if subscription_status
                                else "Active",
                                classes=["mb-2"],
                            )
                            if tier == "paid"
                            else html.div(),
                            html.div(
                                html.i(
                                    classes=[
                                        "bi",
                                        "bi-info-circle",
                                        "me-1",
                                    ],
                                ),
                                "Your subscription will cancel at the end "
                                "of the billing period.",
                                classes=[
                                    "alert",
                                    "alert-warning",
                                    "mt-2",
                                    "mb-2",
                                ],
                            )
                            if cancel_at_period_end
                            else html.div(),
                            html.div(
                                html.strong("Features: "),
                                tier_info["description"],
                                classes=["mb-3"],
                            ),
                            # Subscription actions
                            html.div(
                                html.a(
                                    html.i(
                                        classes=[
                                            "bi",
                                            "bi-arrow-up-circle",
                                            "me-1",
                                        ],
                                    ),
                                    "Upgrade to Paid Plan",
                                    href="#",
                                    hx_post="/billing/checkout",
                                    hx_vals='{"tier": "paid"}',
                                    classes=[
                                        "btn",
                                        "btn-success",
                                        "me-2",
                                    ],
                                )
                                if tier == "free"
                                else html.a(
                                    html.i(
                                        classes=[
                                            "bi",
                                            "bi-gear-fill",
                                            "me-1",
                                        ],
                                    ),
                                    "Manage Subscription",
                                    href="#",
                                    hx_post="/billing/portal",
                                    classes=[
                                        "btn",
                                        "btn-primary",
                                        "me-2",
                                    ],
                                ),
                            ),
                            classes=["card-body"],
                        ),
                        classes=["card", "mb-4"],
                    ),
                    # Actions section
                    html.div(
                        html.h4(
                            html.i(classes=["bi", "bi-sliders", "me-2"]),
                            "Actions",
                            classes=["card-header", "bg-transparent"],
                        ),
                        html.div(
                            html.a(
                                html.i(
                                    classes=[
                                        "bi",
                                        "bi-box-arrow-right",
                                        "me-1",
                                    ],
                                ),
                                "Logout",
                                href="/logout",
                                classes=[
                                    "btn",
                                    "btn-outline-secondary",
                                    "mb-2",
                                    "me-2",
                                ],
                            ),
                            classes=["card-body"],
                        ),
                        classes=["card", "mb-4"],
                    ),
                    classes=["mb-4"],
                ),
                classes=["container", "my-5", "px-3", "px-md-4"],
                style={"max-width": "900px"},
            ),
            html.script(
                src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js",
                integrity="sha384-C6RzsynM9kWDrMNeT87bh95OGNyZPhcTNXj1NW7RuBCsyN/o0jlpcV8Qyq46cDfL",
                crossorigin="anonymous",
            ),
        ),
    )


@app.get("/logout")
def logout(request: Request) -> Response:
    """Handle logout."""
    request.session.clear()
    return Response(
        "",
        status_code=302,
        headers={"Location": "/"},
    )


@app.post("/submit")
def submit_article(request: Request, data: FormData) -> html.div:  # noqa: PLR0911
    """Handle manual form submission."""
    try:
        # Check if user is logged in
        user_id = request.session.get("user_id")
        if not user_id:
            return html.div(
                html.i(classes=["bi", "bi-exclamation-triangle", "me-2"]),
                "Error: Please login first",
                classes=["alert", "alert-danger"],
            )

        user = Core.Database.get_user_by_id(user_id)
        if not user:
            return html.div(
                html.i(classes=["bi", "bi-exclamation-triangle", "me-2"]),
                "Error: Invalid session",
                classes=["alert", "alert-danger"],
            )

        url_raw = data.get("url", "")
        url = url_raw.strip() if isinstance(url_raw, str) else ""

        if not url:
            return html.div(
                html.i(classes=["bi", "bi-exclamation-triangle", "me-2"]),
                "Error: URL is required",
                classes=["alert", "alert-danger"],
            )

        # Basic URL validation
        parsed = urllib.parse.urlparse(url)
        if not parsed.scheme or not parsed.netloc:
            return html.div(
                html.i(classes=["bi", "bi-exclamation-triangle", "me-2"]),
                "Error: Invalid URL format",
                classes=["alert", "alert-danger"],
            )

        # Check usage limits
        allowed, _msg, usage = Billing.can_submit(user_id)
        if not allowed:
            tier = user.get("plan_tier", "free")
            tier_info = Billing.get_tier_info(tier)
            limit = tier_info.get("articles_limit", 0)
            return html.div(
                html.i(classes=["bi", "bi-exclamation-circle", "me-2"]),
                html.strong("Limit reached: "),
                f"You've used {usage['articles']}/{limit} articles "
                "this period. ",
                html.a(
                    "Upgrade your plan",
                    href="/billing",
                    classes=["alert-link"],
                ),
                " to continue.",
                classes=["alert", "alert-warning"],
            )

        # Extract Open Graph metadata
        title, author = extract_og_metadata(url)

        job_id = Core.Database.add_to_queue(
            url,
            user["email"],
            user_id,
            title=title,
            author=author,
        )
        return html.div(
            html.i(classes=["bi", "bi-check-circle", "me-2"]),
            f"✓ Article submitted successfully! Job ID: {job_id}",
            classes=["alert", "alert-success"],
        )

    except (httpx.HTTPError, httpx.TimeoutException, ValueError) as e:
        return html.div(
            html.i(classes=["bi", "bi-exclamation-triangle", "me-2"]),
            f"Error: {e!s}",
            classes=["alert", "alert-danger"],
        )


@app.get("/feed/{token}.xml")
def rss_feed(request: Request, token: str) -> Response:  # noqa: ARG001
    """Generate user-specific RSS podcast feed."""
    try:
        # Validate token and get user
        user = Core.Database.get_user_by_token(token)
        if not user:
            return Response("Invalid feed token", status_code=404)

        # Get episodes for this user only
        episodes = Core.Database.get_user_all_episodes(
            user["id"],
        )

        # Extract first name from email for personalization
        email_name = user["email"].split("@")[0].split(".")[0].title()

        fg = FeedGenerator()
        fg.title(f"{email_name}'s Article Podcast")
        fg.description(f"Web articles converted to audio for {user['email']}")
        fg.author(name=RSS_CONFIG["author"])
        fg.language(RSS_CONFIG["language"])
        fg.link(href=f"{RSS_CONFIG['base_url']}/feed/{token}.xml")
        fg.id(f"{RSS_CONFIG['base_url']}/feed/{token}.xml")

        for episode in episodes:
            fe = fg.add_entry()
            fe.id(f"{RSS_CONFIG['base_url']}/episode/{episode['id']}")
            fe.title(episode["title"])
            fe.description(f"Episode {episode['id']}: {episode['title']}")
            fe.enclosure(
                episode["audio_url"],
                str(episode.get("content_length", 0)),
                "audio/mpeg",
            )
            # SQLite timestamps don't have timezone info, so add UTC
            created_at = datetime.fromisoformat(episode["created_at"])
            if created_at.tzinfo is None:
                created_at = created_at.replace(tzinfo=timezone.utc)
            fe.pubDate(created_at)

        rss_str = fg.rss_str(pretty=True)
        return Response(
            rss_str,
            media_type="application/rss+xml; charset=utf-8",
        )

    except (ValueError, KeyError, AttributeError) as e:
        return Response(f"Error generating feed: {e}", status_code=500)


@app.get("/status")
def queue_status(request: Request) -> QueueStatus:
    """Return HTMX endpoint for live queue updates."""
    # Check if user is logged in
    user_id = request.session.get("user_id")
    if not user_id:
        return QueueStatus(items=[])

    # Get user-specific queue items
    queue_items = Core.Database.get_user_queue_status(
        user_id,
    )
    return QueueStatus(items=queue_items)


@app.get("/dashboard-updates")
def dashboard_updates(request: Request) -> html.div:
    """Return both queue status and recent episodes for dashboard updates."""
    # Check if user is logged in
    user_id = request.session.get("user_id")
    if not user_id:
        return html.div(
            QueueStatus(items=[]),
            EpisodeList(episodes=[], rss_url=None),
        )

    # Get user info for RSS URL
    user = Core.Database.get_user_by_id(user_id)
    rss_url = f"{BASE_URL}/feed/{user['token']}.xml" if user else None

    # Get user-specific queue items and episodes
    queue_items = Core.Database.get_user_queue_status(user_id)
    episodes = Core.Database.get_user_recent_episodes(user_id, 10)

    return html.div(
        QueueStatus(items=queue_items),
        EpisodeList(episodes=episodes, rss_url=rss_url),
        id="dashboard-content",
    )


# Register admin routes
app.get("/admin")(Admin.admin_queue_status)
app.post("/queue/{job_id}/retry")(Admin.retry_queue_item)


@app.post("/billing/checkout")
def billing_checkout(request: Request, data: FormData) -> Response:
    """Create Stripe Checkout session."""
    user_id = request.session.get("user_id")
    if not user_id:
        return Response("Unauthorized", status_code=401)

    tier_raw = data.get("tier", "paid")
    tier = tier_raw if isinstance(tier_raw, str) else "paid"
    if tier != "paid":
        return Response("Invalid tier", status_code=400)

    try:
        checkout_url = Billing.create_checkout_session(user_id, tier, BASE_URL)
        return RedirectResponse(url=checkout_url, status_code=303)
    except ValueError as e:
        logger.exception("Checkout error")
        return Response(f"Error: {e!s}", status_code=400)


@app.post("/billing/portal")
def billing_portal(request: Request) -> Response | RedirectResponse:
    """Create Stripe Billing Portal session."""
    user_id = request.session.get("user_id")
    if not user_id:
        return Response("Unauthorized", status_code=401)

    try:
        portal_url = Billing.create_portal_session(user_id, BASE_URL)
        return RedirectResponse(url=portal_url, status_code=303)
    except Exception:
        logger.exception("Portal error - ensure Stripe portal is configured")
        return Response("Portal not configured", status_code=500)


@app.post("/stripe/webhook")
async def stripe_webhook(request: Request) -> Response:
    """Handle Stripe webhook events."""
    payload = await request.body()
    sig_header = request.headers.get("stripe-signature", "")

    try:
        result = Billing.handle_webhook_event(payload, sig_header)
        return Response(f"OK: {result['status']}", status_code=200)
    except Exception as e:
        logger.exception("Webhook error")
        return Response(f"Error: {e!s}", status_code=400)


@app.post("/queue/{job_id}/cancel")
def cancel_queue_item(request: Request, job_id: int) -> Response:
    """Cancel a pending queue item."""
    try:
        # Check if user is logged in
        user_id = request.session.get("user_id")
        if not user_id:
            return Response("Unauthorized", status_code=401)

        # Get job and verify ownership
        job = Core.Database.get_job_by_id(job_id)
        if job is None or job.get("user_id") != user_id:
            return Response("Forbidden", status_code=403)

        # Only allow canceling pending jobs
        if job.get("status") != "pending":
            return Response("Can only cancel pending jobs", status_code=400)

        # Update status to cancelled
        Core.Database.update_job_status(
            job_id,
            "cancelled",
            error="Cancelled by user",
        )

        # Return success with HTMX trigger to refresh
        return Response(
            "",
            status_code=200,
            headers={"HX-Trigger": "queue-updated"},
        )
    except (ValueError, KeyError) as e:
        return Response(
            f"Error cancelling job: {e!s}",
            status_code=500,
        )


app.delete("/queue/{job_id}")(Admin.delete_queue_item)
app.get("/admin/users")(Admin.admin_users)
app.post("/admin/users/{user_id}/status")(Admin.update_user_status)


class BaseWebTest(Test.TestCase):
    """Base class for web tests with database setup."""

    def setUp(self) -> None:
        """Set up test database and client."""
        Core.Database.init_db()
        # Create test client
        self.client = TestClient(app)

    @staticmethod
    def tearDown() -> None:
        """Clean up test database."""
        Core.Database.teardown()


class TestDurationFormatting(Test.TestCase):
    """Test duration formatting functionality."""

    def test_format_duration_minutes_only(self) -> None:
        """Test formatting durations less than an hour."""
        self.assertEqual(UI.format_duration(60), "1m")
        self.assertEqual(UI.format_duration(240), "4m")
        self.assertEqual(UI.format_duration(300), "5m")
        self.assertEqual(UI.format_duration(3599), "60m")

    def test_format_duration_hours_and_minutes(self) -> None:
        """Test formatting durations with hours and minutes."""
        self.assertEqual(UI.format_duration(3600), "1h")
        self.assertEqual(UI.format_duration(3840), "1h 4m")
        self.assertEqual(UI.format_duration(11520), "3h 12m")
        self.assertEqual(UI.format_duration(7320), "2h 2m")

    def test_format_duration_round_up(self) -> None:
        """Test that seconds are rounded up to nearest minute."""
        self.assertEqual(UI.format_duration(61), "2m")
        self.assertEqual(UI.format_duration(119), "2m")
        self.assertEqual(UI.format_duration(121), "3m")
        self.assertEqual(UI.format_duration(3601), "1h 1m")

    def test_format_duration_edge_cases(self) -> None:
        """Test edge cases for duration formatting."""
        self.assertEqual(UI.format_duration(None), "Unknown")
        self.assertEqual(UI.format_duration(0), "Unknown")
        self.assertEqual(UI.format_duration(-100), "Unknown")


class TestAuthentication(BaseWebTest):
    """Test authentication functionality."""

    def test_login_new_user_active(self) -> None:
        """New users should be created with active status."""
        response = self.client.post("/login", data={"email": "new@example.com"})
        self.assertEqual(response.status_code, 200)

        # Verify user was created with active status
        user = Core.Database.get_user_by_email(
            "new@example.com",
        )
        self.assertIsNotNone(user)
        if user is None:
            msg = "no user found"
            raise Test.TestError(msg)
        self.assertEqual(user.get("status"), "active")

    def test_login_active_user(self) -> None:
        """Active users should be able to login."""
        # Create user and set to active
        user_id, _ = Core.Database.create_user(
            "active@example.com",
        )
        Core.Database.update_user_status(user_id, "active")

        response = self.client.post(
            "/login",
            data={"email": "active@example.com"},
        )

        self.assertEqual(response.status_code, 200)
        self.assertIn("HX-Redirect", response.headers)

    def test_login_existing_pending_user(self) -> None:
        """Existing pending users should see the pending message."""
        # Create a pending user
        _user_id, _ = Core.Database.create_user(
            "pending@example.com",
            status="pending",
        )

        response = self.client.post(
            "/login",
            data={"email": "pending@example.com"},
        )

        self.assertEqual(response.status_code, 200)
        self.assertIn("Account created, currently pending", response.text)
        self.assertIn("ben@bensima.com", response.text)
        self.assertIn("@bensima", response.text)

    def test_login_disabled_user(self) -> None:
        """Disabled users should not be able to login."""
        # Create user and set to disabled
        user_id, _ = Core.Database.create_user(
            "disabled@example.com",
        )
        Core.Database.update_user_status(
            user_id,
            "disabled",
        )

        response = self.client.post(
            "/login",
            data={"email": "disabled@example.com"},
        )

        self.assertEqual(response.status_code, 200)
        self.assertIn("Account created, currently pending", response.text)

    def test_login_invalid_email(self) -> None:
        """Reject malformed emails."""
        response = self.client.post("/login", data={"email": ""})

        self.assertEqual(response.status_code, 400)
        self.assertIn("Email is required", response.text)

    def test_session_persistence(self) -> None:
        """Verify session across requests."""
        # Create active user
        _user_id, _ = Core.Database.create_user(
            "test@example.com",
            status="active",
        )
        # Login
        self.client.post("/login", data={"email": "test@example.com"})

        # Access protected page
        response = self.client.get("/")

        # Should see logged-in content
        self.assertIn("Logged in as:", response.text)
        self.assertIn("test@example.com", response.text)

    def test_protected_routes_pending_user(self) -> None:
        """Pending users should not access protected routes."""
        # Create pending user
        Core.Database.create_user("pending@example.com", status="pending")

        # Try to login
        response = self.client.post(
            "/login",
            data={"email": "pending@example.com"},
        )
        self.assertEqual(response.status_code, 200)

        # Should not have session
        response = self.client.get("/")
        self.assertNotIn("Logged in as:", response.text)

    def test_protected_routes(self) -> None:
        """Ensure auth required for user actions."""
        # Try to submit without login
        response = self.client.post(
            "/submit",
            data={"url": "https://example.com"},
        )

        self.assertIn("Please login first", response.text)


class TestArticleSubmission(BaseWebTest):
    """Test article submission functionality."""

    def setUp(self) -> None:
        """Set up test client with logged-in user."""
        super().setUp()
        # Create active user and login
        user_id, _ = Core.Database.create_user(
            "test@example.com",
        )
        Core.Database.update_user_status(user_id, "active")
        self.client.post("/login", data={"email": "test@example.com"})

    def test_submit_valid_url(self) -> None:
        """Accept well-formed URLs."""
        response = self.client.post(
            "/submit",
            data={"url": "https://example.com/article"},
        )

        self.assertEqual(response.status_code, 200)
        self.assertIn("Article submitted successfully", response.text)
        self.assertIn("Job ID:", response.text)

    def test_submit_invalid_url(self) -> None:
        """Reject malformed URLs."""
        response = self.client.post("/submit", data={"url": "not-a-url"})

        self.assertIn("Invalid URL format", response.text)

    def test_submit_without_auth(self) -> None:
        """Reject unauthenticated submissions."""
        # Clear session
        self.client.get("/logout")

        response = self.client.post(
            "/submit",
            data={"url": "https://example.com"},
        )

        self.assertIn("Please login first", response.text)

    def test_submit_creates_job(self) -> None:
        """Verify job creation in database."""
        response = self.client.post(
            "/submit",
            data={"url": "https://example.com/test"},
        )

        # Extract job ID from response
        match = re.search(r"Job ID: (\d+)", response.text)
        self.assertIsNotNone(match)
        if match is None:
            self.fail("Job ID not found in response")
        job_id = int(match.group(1))

        # Verify job in database
        job = Core.Database.get_job_by_id(job_id)
        self.assertIsNotNone(job)
        if job is None:  # Type guard for mypy
            self.fail("Job should not be None")
        self.assertEqual(job["url"], "https://example.com/test")
        self.assertEqual(job["status"], "pending")

    def test_htmx_response(self) -> None:
        """Ensure proper HTMX response format."""
        response = self.client.post(
            "/submit",
            data={"url": "https://example.com"},
        )

        # Should return HTML fragment, not full page
        self.assertNotIn("<!DOCTYPE", response.text)
        self.assertIn("<div", response.text)


class TestRSSFeed(BaseWebTest):
    """Test RSS feed generation."""

    def setUp(self) -> None:
        """Set up test client and create test data."""
        super().setUp()

        # Create user and episodes
        self.user_id, self.token = Core.Database.create_user(
            "test@example.com",
        )
        Core.Database.update_user_status(
            self.user_id,
            "active",
        )

        # Create test episodes
        Core.Database.create_episode(
            "Episode 1",
            "https://example.com/ep1.mp3",
            300,
            5000,
            self.user_id,
        )
        Core.Database.create_episode(
            "Episode 2",
            "https://example.com/ep2.mp3",
            600,
            10000,
            self.user_id,
        )

    def test_feed_generation(self) -> None:
        """Generate valid RSS XML."""
        response = self.client.get(f"/feed/{self.token}.xml")

        self.assertEqual(response.status_code, 200)
        self.assertEqual(
            response.headers["content-type"],
            "application/rss+xml; charset=utf-8",
        )

        # Verify RSS structure
        self.assertIn("<?xml", response.text)
        self.assertIn("<rss", response.text)
        self.assertIn("<channel>", response.text)
        self.assertIn("<item>", response.text)

    def test_feed_user_isolation(self) -> None:
        """Only show user's episodes."""
        # Create another user with episodes
        user2_id, _ = Core.Database.create_user(
            "other@example.com",
        )
        Core.Database.create_episode(
            "Other Episode",
            "https://example.com/other.mp3",
            400,
            6000,
            user2_id,
        )

        # Get first user's feed
        response = self.client.get(f"/feed/{self.token}.xml")

        # Should only have user's episodes
        self.assertIn("Episode 1", response.text)
        self.assertIn("Episode 2", response.text)
        self.assertNotIn("Other Episode", response.text)

    def test_feed_invalid_token(self) -> None:
        """Return 404 for bad tokens."""
        response = self.client.get("/feed/invalid-token.xml")

        self.assertEqual(response.status_code, 404)

    def test_feed_metadata(self) -> None:
        """Verify personalized feed titles."""
        response = self.client.get(f"/feed/{self.token}.xml")

        # Should personalize based on email
        self.assertIn("Test's Article Podcast", response.text)
        self.assertIn("test@example.com", response.text)

    def test_feed_episode_order(self) -> None:
        """Ensure reverse chronological order."""
        response = self.client.get(f"/feed/{self.token}.xml")

        # Episode 2 should appear before Episode 1
        ep2_pos = response.text.find("Episode 2")
        ep1_pos = response.text.find("Episode 1")
        self.assertLess(ep2_pos, ep1_pos)

    def test_feed_enclosures(self) -> None:
        """Verify audio URLs and metadata."""
        response = self.client.get(f"/feed/{self.token}.xml")

        # Check enclosure tags
        self.assertIn("<enclosure", response.text)
        self.assertIn('type="audio/mpeg"', response.text)
        self.assertIn("https://example.com/ep1.mp3", response.text)
        self.assertIn("https://example.com/ep2.mp3", response.text)


class TestAdminInterface(BaseWebTest):
    """Test admin interface functionality."""

    def setUp(self) -> None:
        """Set up test client with logged-in user."""
        super().setUp()

        # Create and login admin user
        self.user_id, _ = Core.Database.create_user(
            "ben@bensima.com",
        )
        Core.Database.update_user_status(
            self.user_id,
            "active",
        )
        self.client.post("/login", data={"email": "ben@bensima.com"})

        # Create test data
        self.job_id = Core.Database.add_to_queue(
            "https://example.com/test",
            "ben@bensima.com",
            self.user_id,
        )

    def test_queue_status_view(self) -> None:
        """Verify queue display."""
        response = self.client.get("/admin")

        self.assertEqual(response.status_code, 200)
        self.assertIn("Queue Status", response.text)
        self.assertIn("https://example.com/test", response.text)

    def test_retry_action(self) -> None:
        """Test retry button functionality."""
        # Set job to error state
        Core.Database.update_job_status(
            self.job_id,
            "error",
            "Failed",
        )

        # Retry
        response = self.client.post(f"/queue/{self.job_id}/retry")

        self.assertEqual(response.status_code, 200)
        self.assertIn("HX-Redirect", response.headers)

        # Job should be pending again
        job = Core.Database.get_job_by_id(self.job_id)
        self.assertIsNotNone(job)
        if job is not None:
            self.assertEqual(job["status"], "pending")

    def test_delete_action(self) -> None:
        """Test delete button functionality."""
        response = self.client.delete(f"/queue/{self.job_id}")

        self.assertEqual(response.status_code, 200)
        self.assertIn("HX-Redirect", response.headers)

        # Job should be gone
        job = Core.Database.get_job_by_id(self.job_id)
        self.assertIsNone(job)

    def test_user_data_isolation(self) -> None:
        """Ensure admin sees all data."""
        # Create another user's job
        user2_id, _ = Core.Database.create_user(
            "other@example.com",
        )
        Core.Database.add_to_queue(
            "https://example.com/other",
            "other@example.com",
            user2_id,
        )

        # View queue status as admin
        response = self.client.get("/admin")

        # Admin should see all jobs
        self.assertIn("https://example.com/test", response.text)
        self.assertIn("https://example.com/other", response.text)

    def test_status_summary(self) -> None:
        """Verify status counts display."""
        # Create jobs with different statuses
        Core.Database.update_job_status(
            self.job_id,
            "error",
            "Failed",
        )
        job2 = Core.Database.add_to_queue(
            "https://example.com/2",
            "test@example.com",
            self.user_id,
        )
        Core.Database.update_job_status(
            job2,
            "processing",
        )

        response = self.client.get("/admin")

        # Should show status counts
        self.assertIn("ERROR: 1", response.text)
        self.assertIn("PROCESSING: 1", response.text)


class TestJobCancellation(BaseWebTest):
    """Test job cancellation functionality."""

    def setUp(self) -> None:
        """Set up test client with logged-in user and pending job."""
        super().setUp()

        # Create and login user
        self.user_id, _ = Core.Database.create_user(
            "test@example.com",
        )
        Core.Database.update_user_status(
            self.user_id,
            "active",
        )
        self.client.post("/login", data={"email": "test@example.com"})

        # Create pending job
        self.job_id = Core.Database.add_to_queue(
            "https://example.com/test",
            "test@example.com",
            self.user_id,
        )

    def test_cancel_pending_job(self) -> None:
        """Successfully cancel a pending job."""
        response = self.client.post(f"/queue/{self.job_id}/cancel")

        self.assertEqual(response.status_code, 200)
        self.assertIn("HX-Trigger", response.headers)
        self.assertEqual(response.headers["HX-Trigger"], "queue-updated")

        # Verify job status is cancelled
        job = Core.Database.get_job_by_id(self.job_id)
        self.assertIsNotNone(job)
        if job is not None:
            self.assertEqual(job["status"], "cancelled")
            self.assertEqual(job.get("error_message", ""), "Cancelled by user")

    def test_cannot_cancel_processing_job(self) -> None:
        """Prevent cancelling jobs that are already processing."""
        # Set job to processing
        Core.Database.update_job_status(
            self.job_id,
            "processing",
        )

        response = self.client.post(f"/queue/{self.job_id}/cancel")

        self.assertEqual(response.status_code, 400)
        self.assertIn("Can only cancel pending jobs", response.text)

    def test_cannot_cancel_completed_job(self) -> None:
        """Prevent cancelling completed jobs."""
        # Set job to completed
        Core.Database.update_job_status(
            self.job_id,
            "completed",
        )

        response = self.client.post(f"/queue/{self.job_id}/cancel")

        self.assertEqual(response.status_code, 400)

    def test_cannot_cancel_other_users_job(self) -> None:
        """Prevent users from cancelling other users' jobs."""
        # Create another user's job
        user2_id, _ = Core.Database.create_user(
            "other@example.com",
        )
        other_job_id = Core.Database.add_to_queue(
            "https://example.com/other",
            "other@example.com",
            user2_id,
        )

        # Try to cancel it
        response = self.client.post(f"/queue/{other_job_id}/cancel")

        self.assertEqual(response.status_code, 403)

    def test_cancel_without_auth(self) -> None:
        """Require authentication to cancel jobs."""
        # Logout
        self.client.get("/logout")

        response = self.client.post(f"/queue/{self.job_id}/cancel")

        self.assertEqual(response.status_code, 401)

    def test_cancel_button_visibility(self) -> None:
        """Cancel button only shows for pending jobs."""
        # Create jobs with different statuses
        processing_job = Core.Database.add_to_queue(
            "https://example.com/processing",
            "test@example.com",
            self.user_id,
        )
        Core.Database.update_job_status(
            processing_job,
            "processing",
        )

        # Get status view
        response = self.client.get("/status")

        # Should have cancel button for pending job
        self.assertIn(f'hx-post="/queue/{self.job_id}/cancel"', response.text)
        self.assertIn("Cancel", response.text)

        # Should NOT have cancel button for processing job
        self.assertNotIn(
            f'hx-post="/queue/{processing_job}/cancel"',
            response.text,
        )


def test() -> None:
    """Run all tests for the web module."""
    Test.run(
        App.Area.Test,
        [
            TestDurationFormatting,
            TestAuthentication,
            TestArticleSubmission,
            TestRSSFeed,
            TestAdminInterface,
            TestJobCancellation,
        ],
    )


def main() -> None:
    """Run the web server."""
    if "test" in sys.argv:
        test()
    else:
        # Initialize database on startup
        Core.Database.init_db()
        uvicorn.run(app, host="0.0.0.0", port=PORT)  # noqa: S104