from flask import Flask, request, redirect, session
from authlib.integrations.flask_client import OAuth
import os

# Flask app setup
app = Flask(__name__)
app.secret_key = os.getenv("FLASK_SECRET_KEY")

# OAuth setup
oauth = OAuth(app)
azure = oauth.register(
    name='azure',
    client_id=os.getenv("AZURE_CLIENT_ID"),
    client_secret=os.getenv("AZURE_CLIENT_SECRET"),
    server_metadata_url=f"https://login.microsoftonline.com/{os.getenv('AZURE_TENANT_ID')}/v2.0/.well-known/openid-configuration",
    client_kwargs={"scope": "openid email profile"},
)

@app.route("/login")
def login():
    redirect_uri = os.getenv("REDIRECT_URI", "http://localhost:8501")
    return azure.authorize_redirect(redirect_uri)

@app.route("/callback")
def callback():
    token = azure.authorize_access_token()
    user = azure.parse_id_token(token)
    # You can save user info or session here
    return redirect("/")

@app.before_request
def auth_middleware():
    if request.endpoint not in ("login", "callback") and "user" not in session:
        return redirect("/login")