from werkzeug.security import check_password_hash, generate_password_hash

from app.database import get_db_connection


def create_user(username: str, password: str, role: str = "user") -> bool:
    conn = get_db_connection()
    existing = conn.execute(
        "SELECT id FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    if existing is not None:
        conn.close()
        return False

    conn.execute(
        "INSERT INTO users (username, password_hash, role) VALUES (?, ?, ?)",
        (username, generate_password_hash(password), role),
    )
    conn.commit()
    conn.close()
    return True


def verify_basic_admin(username: str, password: str) -> bool:
    conn = get_db_connection()
    user = conn.execute(
        "SELECT password_hash, role FROM users WHERE username = ?",
        (username,),
    ).fetchone()
    conn.close()
    if user is None:
        return False
    return user["role"] == "admin" and check_password_hash(user["password_hash"], password)