breakpilot-compliance/backend-compliance/compliance/api/banner_routes.py

"""
Banner Consent Routes — Device-basierte Cookie-Consents fuer Kunden-Websites.

Public SDK-Endpoints (fuer Einbettung) + Admin-Endpoints (Konfiguration & Stats).
"""

import uuid
import hashlib
from datetime import datetime, timedelta, timezone
from typing import Optional, List

from fastapi import APIRouter, Depends, HTTPException, Query, Header
from pydantic import BaseModel
from sqlalchemy.orm import Session

from classroom_engine.database import get_db
from ..db.banner_models import (
    BannerConsentDB, BannerConsentAuditLogDB,
    BannerSiteConfigDB, BannerCategoryConfigDB, BannerVendorConfigDB,
)

router = APIRouter(prefix="/banner", tags=["compliance-banner"])

DEFAULT_TENANT = "9282a473-5c95-4b3a-bf78-0ecc0ec71d3e"


# =============================================================================
# Schemas
# =============================================================================

class ConsentCreate(BaseModel):
    site_id: str
    device_fingerprint: str
    categories: List[str] = []
    vendors: List[str] = []
    ip_address: Optional[str] = None
    user_agent: Optional[str] = None
    consent_string: Optional[str] = None


class SiteConfigCreate(BaseModel):
    site_id: str
    site_name: Optional[str] = None
    site_url: Optional[str] = None
    banner_title: Optional[str] = None
    banner_description: Optional[str] = None
    privacy_url: Optional[str] = None
    imprint_url: Optional[str] = None
    dsb_name: Optional[str] = None
    dsb_email: Optional[str] = None
    theme: Optional[dict] = None
    tcf_enabled: bool = False


class SiteConfigUpdate(BaseModel):
    site_name: Optional[str] = None
    site_url: Optional[str] = None
    banner_title: Optional[str] = None
    banner_description: Optional[str] = None
    privacy_url: Optional[str] = None
    imprint_url: Optional[str] = None
    dsb_name: Optional[str] = None
    dsb_email: Optional[str] = None
    theme: Optional[dict] = None
    tcf_enabled: Optional[bool] = None
    is_active: Optional[bool] = None


class CategoryConfigCreate(BaseModel):
    category_key: str
    name_de: str
    name_en: Optional[str] = None
    description_de: Optional[str] = None
    description_en: Optional[str] = None
    is_required: bool = False
    sort_order: int = 0


class VendorConfigCreate(BaseModel):
    vendor_name: str
    vendor_url: Optional[str] = None
    category_key: str
    description_de: Optional[str] = None
    description_en: Optional[str] = None
    cookie_names: List[str] = []
    retention_days: int = 365


# =============================================================================
# Helpers
# =============================================================================

def _get_tenant(x_tenant_id: Optional[str] = Header(None, alias='X-Tenant-ID')) -> str:
    return x_tenant_id or DEFAULT_TENANT


def _hash_ip(ip: Optional[str]) -> Optional[str]:
    if not ip:
        return None
    return hashlib.sha256(ip.encode()).hexdigest()[:16]


def _consent_to_dict(c: BannerConsentDB) -> dict:
    return {
        "id": str(c.id),
        "site_id": c.site_id,
        "device_fingerprint": c.device_fingerprint,
        "categories": c.categories or [],
        "vendors": c.vendors or [],
        "ip_hash": c.ip_hash,
        "consent_string": c.consent_string,
        "expires_at": c.expires_at.isoformat() if c.expires_at else None,
        "created_at": c.created_at.isoformat() if c.created_at else None,
        "updated_at": c.updated_at.isoformat() if c.updated_at else None,
    }


def _site_config_to_dict(s: BannerSiteConfigDB) -> dict:
    return {
        "id": str(s.id),
        "site_id": s.site_id,
        "site_name": s.site_name,
        "site_url": s.site_url,
        "banner_title": s.banner_title,
        "banner_description": s.banner_description,
        "privacy_url": s.privacy_url,
        "imprint_url": s.imprint_url,
        "dsb_name": s.dsb_name,
        "dsb_email": s.dsb_email,
        "theme": s.theme or {},
        "tcf_enabled": s.tcf_enabled,
        "is_active": s.is_active,
        "created_at": s.created_at.isoformat() if s.created_at else None,
        "updated_at": s.updated_at.isoformat() if s.updated_at else None,
    }


def _category_to_dict(c: BannerCategoryConfigDB) -> dict:
    return {
        "id": str(c.id),
        "site_config_id": str(c.site_config_id),
        "category_key": c.category_key,
        "name_de": c.name_de,
        "name_en": c.name_en,
        "description_de": c.description_de,
        "description_en": c.description_en,
        "is_required": c.is_required,
        "sort_order": c.sort_order,
        "is_active": c.is_active,
    }


def _vendor_to_dict(v: BannerVendorConfigDB) -> dict:
    return {
        "id": str(v.id),
        "site_config_id": str(v.site_config_id),
        "vendor_name": v.vendor_name,
        "vendor_url": v.vendor_url,
        "category_key": v.category_key,
        "description_de": v.description_de,
        "description_en": v.description_en,
        "cookie_names": v.cookie_names or [],
        "retention_days": v.retention_days,
        "is_active": v.is_active,
    }


def _log_banner_audit(db, tenant_id, consent_id, action, site_id, device_fingerprint=None, categories=None, ip_hash=None):
    entry = BannerConsentAuditLogDB(
        tenant_id=tenant_id,
        consent_id=consent_id,
        action=action,
        site_id=site_id,
        device_fingerprint=device_fingerprint,
        categories=categories or [],
        ip_hash=ip_hash,
    )
    db.add(entry)
    return entry


# =============================================================================
# Public SDK Endpoints (fuer Einbettung in Kunden-Websites)
# =============================================================================

@router.post("/consent")
async def record_consent(
    body: ConsentCreate,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Record device consent (upsert by site_id + device_fingerprint)."""
    tid = uuid.UUID(tenant_id)
    ip_hash = _hash_ip(body.ip_address)

    # Upsert: check existing
    existing = db.query(BannerConsentDB).filter(
        BannerConsentDB.tenant_id == tid,
        BannerConsentDB.site_id == body.site_id,
        BannerConsentDB.device_fingerprint == body.device_fingerprint,
    ).first()

    if existing:
        existing.categories = body.categories
        existing.vendors = body.vendors
        existing.ip_hash = ip_hash
        existing.user_agent = body.user_agent
        existing.consent_string = body.consent_string
        existing.expires_at = datetime.now(timezone.utc) + timedelta(days=365)
        existing.updated_at = datetime.now(timezone.utc)
        db.flush()

        _log_banner_audit(
            db, tid, existing.id, "consent_updated",
            body.site_id, body.device_fingerprint, body.categories, ip_hash,
        )
        db.commit()
        db.refresh(existing)
        return _consent_to_dict(existing)

    consent = BannerConsentDB(
        tenant_id=tid,
        site_id=body.site_id,
        device_fingerprint=body.device_fingerprint,
        categories=body.categories,
        vendors=body.vendors,
        ip_hash=ip_hash,
        user_agent=body.user_agent,
        consent_string=body.consent_string,
        expires_at=datetime.now(timezone.utc) + timedelta(days=365),
    )
    db.add(consent)
    db.flush()

    _log_banner_audit(
        db, tid, consent.id, "consent_given",
        body.site_id, body.device_fingerprint, body.categories, ip_hash,
    )
    db.commit()
    db.refresh(consent)
    return _consent_to_dict(consent)


@router.get("/consent")
async def get_consent(
    site_id: str = Query(...),
    device_fingerprint: str = Query(...),
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Retrieve consent for a device."""
    tid = uuid.UUID(tenant_id)
    consent = db.query(BannerConsentDB).filter(
        BannerConsentDB.tenant_id == tid,
        BannerConsentDB.site_id == site_id,
        BannerConsentDB.device_fingerprint == device_fingerprint,
    ).first()

    if not consent:
        return {"has_consent": False, "consent": None}

    return {"has_consent": True, "consent": _consent_to_dict(consent)}


@router.delete("/consent/{consent_id}")
async def withdraw_consent(
    consent_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Withdraw a banner consent."""
    tid = uuid.UUID(tenant_id)
    try:
        cid = uuid.UUID(consent_id)
    except ValueError:
        raise HTTPException(status_code=400, detail="Invalid consent ID")

    consent = db.query(BannerConsentDB).filter(
        BannerConsentDB.id == cid,
        BannerConsentDB.tenant_id == tid,
    ).first()
    if not consent:
        raise HTTPException(status_code=404, detail="Consent not found")

    _log_banner_audit(
        db, tid, cid, "consent_withdrawn",
        consent.site_id, consent.device_fingerprint,
    )

    db.delete(consent)
    db.commit()
    return {"success": True, "message": "Consent withdrawn"}


@router.get("/config/{site_id}")
async def get_site_config(
    site_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Load site configuration for banner display."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()

    if not config:
        return {
            "site_id": site_id,
            "banner_title": "Cookie-Einstellungen",
            "banner_description": "Wir verwenden Cookies, um Ihnen die bestmoegliche Erfahrung zu bieten.",
            "categories": [],
            "vendors": [],
        }

    categories = db.query(BannerCategoryConfigDB).filter(
        BannerCategoryConfigDB.site_config_id == config.id,
        BannerCategoryConfigDB.is_active,
    ).order_by(BannerCategoryConfigDB.sort_order).all()

    vendors = db.query(BannerVendorConfigDB).filter(
        BannerVendorConfigDB.site_config_id == config.id,
        BannerVendorConfigDB.is_active,
    ).all()

    result = _site_config_to_dict(config)
    result["categories"] = [_category_to_dict(c) for c in categories]
    result["vendors"] = [_vendor_to_dict(v) for v in vendors]
    return result


@router.get("/consent/export")
async def export_consent(
    site_id: str = Query(...),
    device_fingerprint: str = Query(...),
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """DSGVO export of all consent data for a device."""
    tid = uuid.UUID(tenant_id)

    consents = db.query(BannerConsentDB).filter(
        BannerConsentDB.tenant_id == tid,
        BannerConsentDB.site_id == site_id,
        BannerConsentDB.device_fingerprint == device_fingerprint,
    ).all()

    audit = db.query(BannerConsentAuditLogDB).filter(
        BannerConsentAuditLogDB.tenant_id == tid,
        BannerConsentAuditLogDB.site_id == site_id,
        BannerConsentAuditLogDB.device_fingerprint == device_fingerprint,
    ).order_by(BannerConsentAuditLogDB.created_at.desc()).all()

    return {
        "device_fingerprint": device_fingerprint,
        "site_id": site_id,
        "consents": [_consent_to_dict(c) for c in consents],
        "audit_trail": [
            {
                "id": str(a.id),
                "action": a.action,
                "categories": a.categories or [],
                "created_at": a.created_at.isoformat() if a.created_at else None,
            }
            for a in audit
        ],
    }


# =============================================================================
# Admin Endpoints
# =============================================================================

@router.get("/admin/stats/{site_id}")
async def get_site_stats(
    site_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Consent statistics per site."""
    tid = uuid.UUID(tenant_id)
    base = db.query(BannerConsentDB).filter(
        BannerConsentDB.tenant_id == tid,
        BannerConsentDB.site_id == site_id,
    )

    total = base.count()

    # Count category acceptance rates
    category_stats = {}
    all_consents = base.all()
    for c in all_consents:
        for cat in (c.categories or []):
            category_stats[cat] = category_stats.get(cat, 0) + 1

    return {
        "site_id": site_id,
        "total_consents": total,
        "category_acceptance": {
            cat: {"count": count, "rate": round(count / total * 100, 1) if total > 0 else 0}
            for cat, count in category_stats.items()
        },
    }


@router.get("/admin/sites")
async def list_site_configs(
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """List all site configurations."""
    tid = uuid.UUID(tenant_id)
    configs = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
    ).order_by(BannerSiteConfigDB.created_at.desc()).all()
    return [_site_config_to_dict(c) for c in configs]


@router.post("/admin/sites")
async def create_site_config(
    body: SiteConfigCreate,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Create a site configuration."""
    tid = uuid.UUID(tenant_id)

    existing = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == body.site_id,
    ).first()
    if existing:
        raise HTTPException(status_code=409, detail=f"Site config for '{body.site_id}' already exists")

    config = BannerSiteConfigDB(
        tenant_id=tid,
        site_id=body.site_id,
        site_name=body.site_name,
        site_url=body.site_url,
        banner_title=body.banner_title or "Cookie-Einstellungen",
        banner_description=body.banner_description,
        privacy_url=body.privacy_url,
        imprint_url=body.imprint_url,
        dsb_name=body.dsb_name,
        dsb_email=body.dsb_email,
        theme=body.theme or {},
        tcf_enabled=body.tcf_enabled,
    )
    db.add(config)
    db.commit()
    db.refresh(config)
    return _site_config_to_dict(config)


@router.put("/admin/sites/{site_id}")
async def update_site_config(
    site_id: str,
    body: SiteConfigUpdate,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Update a site configuration."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    for field in ["site_name", "site_url", "banner_title", "banner_description",
                   "privacy_url", "imprint_url", "dsb_name", "dsb_email",
                   "theme", "tcf_enabled", "is_active"]:
        val = getattr(body, field, None)
        if val is not None:
            setattr(config, field, val)

    config.updated_at = datetime.now(timezone.utc)
    db.commit()
    db.refresh(config)
    return _site_config_to_dict(config)


@router.delete("/admin/sites/{site_id}", status_code=204)
async def delete_site_config(
    site_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Delete a site configuration."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    db.delete(config)
    db.commit()


# =============================================================================
# Admin Category Endpoints
# =============================================================================

@router.get("/admin/sites/{site_id}/categories")
async def list_categories(
    site_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """List categories for a site."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    cats = db.query(BannerCategoryConfigDB).filter(
        BannerCategoryConfigDB.site_config_id == config.id,
    ).order_by(BannerCategoryConfigDB.sort_order).all()
    return [_category_to_dict(c) for c in cats]


@router.post("/admin/sites/{site_id}/categories")
async def create_category(
    site_id: str,
    body: CategoryConfigCreate,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Create a category for a site."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    cat = BannerCategoryConfigDB(
        site_config_id=config.id,
        category_key=body.category_key,
        name_de=body.name_de,
        name_en=body.name_en,
        description_de=body.description_de,
        description_en=body.description_en,
        is_required=body.is_required,
        sort_order=body.sort_order,
    )
    db.add(cat)
    db.commit()
    db.refresh(cat)
    return _category_to_dict(cat)


@router.delete("/admin/categories/{category_id}", status_code=204)
async def delete_category(
    category_id: str,
    db: Session = Depends(get_db),
):
    """Delete a category."""
    try:
        cid = uuid.UUID(category_id)
    except ValueError:
        raise HTTPException(status_code=400, detail="Invalid category ID")

    cat = db.query(BannerCategoryConfigDB).filter(BannerCategoryConfigDB.id == cid).first()
    if not cat:
        raise HTTPException(status_code=404, detail="Category not found")

    db.delete(cat)
    db.commit()


# =============================================================================
# Admin Vendor Endpoints
# =============================================================================

@router.get("/admin/sites/{site_id}/vendors")
async def list_vendors(
    site_id: str,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """List vendors for a site."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    vendors = db.query(BannerVendorConfigDB).filter(
        BannerVendorConfigDB.site_config_id == config.id,
    ).all()
    return [_vendor_to_dict(v) for v in vendors]


@router.post("/admin/sites/{site_id}/vendors")
async def create_vendor(
    site_id: str,
    body: VendorConfigCreate,
    tenant_id: str = Depends(_get_tenant),
    db: Session = Depends(get_db),
):
    """Create a vendor for a site."""
    tid = uuid.UUID(tenant_id)
    config = db.query(BannerSiteConfigDB).filter(
        BannerSiteConfigDB.tenant_id == tid,
        BannerSiteConfigDB.site_id == site_id,
    ).first()
    if not config:
        raise HTTPException(status_code=404, detail="Site config not found")

    vendor = BannerVendorConfigDB(
        site_config_id=config.id,
        vendor_name=body.vendor_name,
        vendor_url=body.vendor_url,
        category_key=body.category_key,
        description_de=body.description_de,
        description_en=body.description_en,
        cookie_names=body.cookie_names,
        retention_days=body.retention_days,
    )
    db.add(vendor)
    db.commit()
    db.refresh(vendor)
    return _vendor_to_dict(vendor)


@router.delete("/admin/vendors/{vendor_id}", status_code=204)
async def delete_vendor(
    vendor_id: str,
    db: Session = Depends(get_db),
):
    """Delete a vendor."""
    try:
        vid = uuid.UUID(vendor_id)
    except ValueError:
        raise HTTPException(status_code=400, detail="Invalid vendor ID")

    vendor = db.query(BannerVendorConfigDB).filter(BannerVendorConfigDB.id == vid).first()
    if not vendor:
        raise HTTPException(status_code=404, detail="Vendor not found")

    db.delete(vendor)
    db.commit()