# blog/views.py

from rest_framework import generics, permissions
from rest_framework.exceptions import PermissionDenied
from .models import Post
from .serializers import PostSerializer
from .utils import verify_token_with_auth_server

class PostListView(generics.ListAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.AllowAny]

class PostListCreateView(generics.ListCreateAPIView):
    queryset = Post.objects.all().order_by('-created_at')
    serializer_class = PostSerializer
    permission_classes = [permissions.IsAuthenticated]

    def perform_create(self, serializer):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)
        serializer.save(author_name=self.request.user.username)

# ✅ 조회, 수정, 삭제 전부 처리
class PostDetailView(generics.RetrieveUpdateDestroyAPIView):
    queryset = Post.objects.all()
    serializer_class = PostSerializer

    def get_permissions(self):
        if self.request.method in ["PUT", "PATCH", "DELETE"]:
            return [permissions.IsAuthenticated()]
        return [permissions.AllowAny()]

    def perform_update(self, serializer):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)

        if serializer.instance.author_name != self.request.user.username:
            raise PermissionDenied("작성자만 수정할 수 있습니다.")
        serializer.save()

    def perform_destroy(self, instance):
        token = self.request.headers.get("Authorization", "").replace("Bearer ", "")
        verify_token_with_auth_server(token)

        if instance.author_name != self.request.user.username:
            raise PermissionDenied("작성자만 삭제할 수 있습니다.")
        instance.delete()