"""Authentication routes for admin access."""
from __future__ import annotations

from flask import Blueprint, flash, redirect, render_template, request, session, url_for

from .. import settings

bp = Blueprint("auth", __name__, url_prefix="/auth")


@bp.route("/login", methods=["GET", "POST"])
def login():
    """Handle user login."""
    if request.method == "POST":
        username = request.form.get("username")
        password = request.form.get("password")

        if username == settings.ADMIN_USERNAME and password == settings.ADMIN_PASSWORD:
            session["logged_in"] = True
            return redirect("/admin/")
        else:
            flash("Invalid credentials")

    return render_template("login.html")


@bp.route("/logout")
def logout():
    """Handle user logout."""
    session.pop("logged_in", None)
    return redirect("/auth/login")