import json
import threading
import requests as req_lib
from flask import Flask, jsonify, request, Response
from playwright.sync_api import sync_playwright

# Single Flask application object; the /login route below registers on it.
app = Flask(__name__)

# Hosted login page that the headless browser is pointed at.
LOGIN_URL = (
    "https://myaccount.draftkings.com/auth/login"
    "?product=dfs&returnPath=%2F&intendedSiteExp=CA-DK"
)

# Profile endpoints that fetch_account() tries in order (US site, then CA site).
ME_URLS = [
    "https://api.draftkings.com/sites/US-DK/dashes/v1/dashes/siteNav/users/me.json"
    "?format=json&includeTickets=true",
    "https://api.draftkings.com/sites/CA-DK/dashes/v1/dashes/siteNav/users/me.json"
    "?format=json&includeTickets=true",
]

# Fixed desktop-Chrome User-Agent string. It is sent both by the browser
# context and by the plain `requests` calls, so neither identifies itself as
# automation through this header.
UA = (
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) "
    "AppleWebKit/537.36 (KHTML, like Gecko) "
    "Chrome/124.0.0.0 Safari/537.36"
)

# Process-wide Playwright driver and browser; both stay None until
# init_browser() has run.
_pw = None
_browser = None

# Held for the full duration of each login() call, so the single shared
# browser handles one request at a time.
_lock = threading.Lock()


def init_browser():
    """Start Playwright and launch the shared headless Chromium browser.

    Both handles are stored in the module globals ``_pw`` and ``_browser``.
    The visible code never stops the driver or closes the browser again, so
    they live until the process exits.
    """
    global _pw, _browser
    # Assign the driver first: if the launch below raises, _pw is already set
    # while _browser is still None.
    _pw = sync_playwright().start()
    chromium = _pw.chromium
    _browser = chromium.launch(headless=True)
    print("[browser] Browser ready.")


def fetch_account(dk_cookies):
    """Call the me.json endpoints with the captured cookies via ``requests``.

    Args:
        dk_cookies: iterable of cookie dicts, each with at least ``"name"``
            and ``"value"`` keys (a missing key raises ``KeyError``).

    Returns:
        The decoded JSON of the first endpoint in ``ME_URLS`` that answers
        with HTTP 200, or ``{"error": "account fetch failed"}`` when none does.
    """
    # Flatten to name -> value. The per-cookie domain, path and Secure scoping
    # is dropped here, so every captured cookie is sent on each request below.
    cookie_jar = {}
    for cookie in dk_cookies:
        cookie_jar[cookie["name"]] = cookie["value"]

    request_headers = {"User-Agent": UA, "Accept": "application/json"}

    for me_url in ME_URLS:
        try:
            reply = req_lib.get(
                me_url,
                cookies=cookie_jar,
                headers=request_headers,
                timeout=8,
            )
            if reply.status_code != 200:
                continue
            return reply.json()
        except Exception:
            # NOTE(review): network errors and undecodable bodies are dropped
            # without logging, so a failure here cannot be told apart from a
            # non-200 answer.
            continue

    return {"error": "account fetch failed"}


@app.route("/login", methods=["GET", "POST"])
def login():
    """Drive one browser login with caller-supplied credentials and report the outcome.

    Input: ``email`` and ``password`` from the JSON body or form fields on
    POST, or from the query string on GET.

    Responses, as built by the code below:
        400 -- either field is missing or empty.
        401 -- no "login/credentials" response with status 200 and a
               ``requestToken`` key was captured; ``reason`` carries the
               captured upstream body, or "no response captured".
        200 -- JSON body holding the email, the submitted password, the two
               captured API bodies and the account lookup result, plus one
               ``Set-Cookie`` header per captured cookie.
        500 -- any exception raised inside the ``try``; the body carries
               ``str(e)``.

    NOTE(review): no authentication, authorisation or rate-limit check is
    visible in this handler; every caller that can reach the route gets the
    200 response described above.
    """
    if request.method == "POST":
        # NOTE(review): get_json(silent=True) can return a non-dict (e.g. a JSON
        # list); `.get` then raises AttributeError before the try block below,
        # so it surfaces as Flask's default 500 rather than the JSON error body.
        data     = request.get_json(silent=True) or request.form
        email    = data.get("email")
        password = data.get("password")
    else:
        # NOTE(review): on GET the password is part of the URL, so it is
        # recorded wherever URLs are kept (access logs, proxies, browser history).
        email    = request.args.get("email")
        password = request.args.get("password")

    if not email or not password:
        return jsonify({"error": "Missing 'email' or 'password'"}), 400

    # The lock is held for the whole browser interaction, so requests are
    # processed strictly one at a time.
    with _lock:
        # NOTE(review): _browser is None until init_browser() has run; in that
        # case this line raises outside the try block below.
        ctx  = _browser.new_context(user_agent=UA)
        page = ctx.new_page()
        # Filled by on_response: key -> {"status": ..., "body": ...}.
        captured = {}

        # URL substring -> key under which that response is stored in `captured`.
        TARGET_MAP = {
            "login/credentials": "creds",
            "tokens/jwe":        "jwe",
        }

        def on_response(response):
            """Store status and body of responses whose URL contains a TARGET_MAP pattern."""
            for pattern, key in TARGET_MAP.items():
                if pattern in response.url:
                    try:
                        # Prefer parsed JSON; fall back to the raw text body.
                        # NOTE(review): the bare `except:` also catches
                        # KeyboardInterrupt and SystemExit.
                        try:    body = response.json()
                        except: body = response.text()
                        captured[key] = {"status": response.status, "body": body}
                    except Exception:
                        # A body that cannot be read at all is skipped silently.
                        pass
                    # Only the first matching pattern is used for a response.
                    break

        page.on("response", on_response)

        try:
            # ── 1. Load login page ────────────────────────────────────────
            page.goto(LOGIN_URL, wait_until="domcontentloaded", timeout=60000)
            page.locator("#login-username-input").wait_for(timeout=15000)

            # ── 2. Fill & click ───────────────────────────────────────────
            page.locator("#login-username-input").fill(email)
            page.locator("#login-password-input").fill(password)
            page.locator("button").filter(has_text="Log In").first.click()

            # ── 3. Wait for credentials response (max 15 s) ───────────────
            # 150 polls x 100 ms; wait_for_timeout keeps the page's event
            # handling running so on_response can fire in between.
            for _ in range(150):
                if "creds" in captured:
                    break
                page.wait_for_timeout(100)

            # Wait a moment for jwe (usually fires right after creds)
            # 30 polls x 100 ms = at most 3 s; a missing jwe is not an error.
            for _ in range(30):
                if "jwe" in captured:
                    break
                page.wait_for_timeout(100)

            # ── 4. Check success ──────────────────────────────────────────
            # Success means: HTTP 200, a JSON object body, and a
            # "requestToken" key in it. Anything else is reported as 401.
            creds = captured.get("creds", {})
            success = (
                creds.get("status") == 200
                and isinstance(creds.get("body"), dict)
                and "requestToken" in creds.get("body", {})
            )

            if not success:
                # The upstream body is passed through unchanged as "reason".
                return jsonify({
                    "email":   email,
                    "success": False,
                    "reason":  creds.get("body", "no response captured"),
                }), 401

            # ── 5. Grab DK cookies right after login (before SPA loads) ───
            # NOTE(review): this is a substring test on the cookie domain, not a
            # suffix match, so a domain that merely contains "draftkings.com"
            # (constructed example: "notdraftkings.com.example") would pass too.
            dk_cookies = [
                c for c in ctx.cookies()
                if "draftkings.com" in c.get("domain", "")
            ]

            # ── 6. Fetch account info directly via requests (fast, ~1-2s) ─
            account_info = fetch_account(dk_cookies)

            # ── 7. Build response ─────────────────────────────────────────
            # NOTE(review): the submitted password is echoed back in clear text,
            # and "login_api_response" contains the requestToken checked above,
            # so the response body itself is credential material wherever it
            # is stored or logged.
            body = {
                "email":              email,
                "password":           password,
                "success":            True,
                "login_api_response": creds.get("body"),
                "jwe_api_response":   captured.get("jwe", {}).get("body", ""),
                "account":            account_info,
            }

            resp = Response(
                json.dumps(body, indent=2),
                status=200,
                mimetype="application/json"
            )
            # Re-emit every captured cookie as a Set-Cookie header on this
            # service's own response.
            # NOTE(review): name, value, path and domain are interpolated without
            # quoting or validation, and Expires/Max-Age are not carried over.
            # The Domain attribute is the upstream one; a browser receiving it
            # from this host would presumably reject the cookie (domain
            # mismatch), but the session cookie values are still handed to the
            # caller in the headers, HttpOnly ones included.
            for ck in dk_cookies:
                s = f"{ck['name']}={ck['value']}; Path={ck.get('path','/')}; Domain={ck['domain']}"
                if ck.get("httpOnly"): s += "; HttpOnly"
                if ck.get("secure"):   s += "; Secure"
                if ck.get("sameSite") and ck["sameSite"] != "None":
                    s += f"; SameSite={ck['sameSite']}"
                resp.headers.add("Set-Cookie", s)

            return resp

        except Exception as e:
            # NOTE(review): the raw exception text is returned to the caller;
            # it may expose internal details (selectors, URLs, timeouts).
            return jsonify({"error": str(e)}), 500

        finally:
            # Always detach the listener and close the context, so its cookies
            # and storage are discarded on every exit path.
            try: page.remove_listener("response", on_response)
            except: pass
            ctx.close()


if __name__ == "__main__":
    # The shared browser has to exist before the first /login request arrives,
    # so it is started ahead of the HTTP server.
    print("[app] Initializing browser...")
    init_browser()

    for banner in (
        "[app] Flask running on http://0.0.0.0:5000",
        "[app] Usage: GET /login?email=you@example.com&password=secret",
    ):
        print(banner)

    # NOTE(review): host="0.0.0.0" listens on every network interface, served
    # over plain HTTP by Flask's built-in server, and the usage line above puts
    # the password in the URL. threaded=False together with the module lock
    # means requests are handled one at a time.
    app.run(host="0.0.0.0", port=5000, threaded=False)
