from flask import Blueprint, Response, redirect, request
from sqlalchemy import select

from l4d2web.auth import require_admin
from l4d2web.db import session_scope
from l4d2web.models import Overlay
from l4d2web.services.security import validate_overlay_path

bp = Blueprint("overlay", __name__)


@bp.post("/admin/overlays")
@require_admin
def create_overlay() -> Response:
    """Register a new overlay from the submitted ``name`` and ``path`` form fields.

    Responses:
        400 -- either field is empty after stripping whitespace, or
               ``validate_overlay_path`` raised ``ValueError``.
        409 -- an ``Overlay`` row with the same name already exists.
        redirect to ``/admin/overlays`` -- the overlay was added to the session.

    Access is gated by the ``require_admin`` decorator.
    NOTE(review): no CSRF check is visible in this handler; confirm one is
    enforced elsewhere for this state-changing POST.
    """
    form = request.form
    overlay_name = form.get("name", "").strip()
    submitted_path = form.get("path", "").strip()
    if not (overlay_name and submitted_path):
        return Response("missing fields", status=400)

    # The client-supplied path is only ever stored after it has passed through
    # validate_overlay_path; the raw value never reaches the database.
    # NOTE(review): the validator's rules are defined in
    # l4d2web.services.security and are not visible here -- presumably it
    # confines the path to an allowed root; confirm.
    try:
        safe_path = validate_overlay_path(submitted_path)
    except ValueError as exc:
        # The validator's message is returned to the caller verbatim, so it
        # should not contain internal filesystem details.
        return Response(str(exc), status=400)

    with session_scope() as db:
        # Application-level uniqueness check on the overlay name.
        # NOTE(review): two concurrent requests could both pass this lookup
        # unless Overlay.name also has a unique constraint -- confirm.
        name_matches = select(Overlay).where(Overlay.name == overlay_name)
        if db.scalar(name_matches) is not None:
            return Response("overlay already exists", status=409)
        db.add(Overlay(name=overlay_name, path=str(safe_path)))

    return redirect("/admin/overlays")