from fastapi import APIRouter, Depends, UploadFile, File, Form, HTTPException
from sqlmodel import Session, select
from app.db import get_session
from app.models import Evidence, User
from app.security import get_current_user, require_roles, WRITE_ROLES
from app.services.storage import save_upload
from app.services.audit import audit
router=APIRouter(prefix="/evidence", tags=["evidence"])
@router.get("")
def list_evidence(user:User=Depends(get_current_user), session:Session=Depends(get_session)):
    return session.exec(select(Evidence).where(Evidence.tenant_id==user.tenant_id).order_by(Evidence.created_at.desc())).all()
@router.post("")
async def upload_evidence(title:str=Form(...), description:str=Form(""), tags:str=Form(""), control_id:int|None=Form(None), file:UploadFile=File(...), user:User=Depends(require_roles(*WRITE_ROLES)), session:Session=Depends(get_session)):
    path,digest,size=await save_upload(user.tenant_id,file)
    prior=session.exec(select(Evidence).where(Evidence.tenant_id==user.tenant_id, Evidence.filename==(file.filename or ''))).all()
    ev=Evidence(tenant_id=user.tenant_id,title=title,description=description,filename=file.filename or '',content_type=file.content_type or '',storage_path=path,sha256=digest,version=len(prior)+1,tags=[t.strip() for t in tags.split(',') if t.strip()],control_id=control_id,owner_id=user.id)
    session.add(ev); session.commit(); session.refresh(ev); audit(session,user,"upload","evidence",ev.id,{"size":size}); session.commit(); return ev