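from os import urandom
from typing import Tuple, Optional
from cryptography.fernet import Fernet, InvalidToken
from cryptography.hazmat.primitives.kdf.scrypt import Scrypt
import base64

# Application-wide Fernet key, loaded once at import time. The path is
# relative, so it resolves against the process's current working directory;
# importing this module raises if the file is missing or does not hold a
# valid Fernet key. Keep the file readable only by the service account and
# out of version control.
# NOTE(review): neither `key` nor `f` is used by the functions below (each
# derives its own per-password key) -- presumably other modules import them;
# confirm before removing.
with open("pwd_key.txt", "rb") as key_file:
    key = key_file.read().strip()
f = Fernet(key)

# TODO: properly set SQL blob sizes, they're constant
# NOTE(review): only the salt is fixed-size (16 bytes). The Fernet token
# returned by new_password() grows with the password length, so the column
# has to be sized for the longest password the application accepts.


def __scrypt__(salt: bytes) -> Scrypt:
    """Return a fresh scrypt KDF instance bound to *salt*.

    A new instance is built on every call because a ``Scrypt`` object can
    only be used for a single derive/verify operation.

    ``length=32`` matches the 32-byte key that Fernet expects. The cost
    parameters are not stored next to the salt, so changing any of them
    makes every existing record unverifiable unless a migration is done.
    NOTE(review): n=2**14 is on the low side of current password-storage
    guidance (OWASP suggests a higher cost for scrypt) -- consider raising it
    together with a re-hash-on-login migration.
    """
    return Scrypt(
        salt=salt,
        length=32,
        n=2**14,
        r=8,
        p=1,
    )


def new_password(password: bytes) -> Tuple[bytes, bytes]:
    """Create the stored verifier for *password*.

    A random 16-byte salt is generated, a Fernet key is derived from the
    password with scrypt, and the password is encrypted under that key.

    Returns:
        ``(salt, token)`` -- both values must be persisted; the token can
        only be decrypted by re-deriving the key from the same password
        and salt.
    """
    salt = urandom(16)
    # Fernet takes its key url-safe-base64 encoded, hence the wrapping.
    derived_key = base64.urlsafe_b64encode(__scrypt__(salt).derive(password))
    token = Fernet(derived_key).encrypt(password)
    return salt, token


def verify_password(stored_salt: bytes, stored_key: bytes, provided_password: bytes) -> bool:
    """Check *provided_password* against a record made by ``new_password``.

    The key is re-derived from the candidate password and the stored salt.
    Fernet tokens are authenticated, so decryption succeeds only when the
    derived key matches the one used at creation time.

    Returns:
        ``True`` if the token decrypts, ``False`` on ``InvalidToken``.
        The decrypted plaintext is discarded.
    """
    derived_key = base64.urlsafe_b64encode(
        __scrypt__(stored_salt).derive(provided_password)
    )
    cipher = Fernet(derived_key)
    try:
        cipher.decrypt(stored_key)
    except InvalidToken:
        return False
    return True


if __name__ == "__main__":
    # helper script for inserting a new admin
    from getpass import getpass

    import db_connect

    username = input("Enter new username: ")
    # getpass() reads without echo, so the admin password does not end up
    # on screen or in terminal scrollback.
    password = getpass("Enter new password: ").encode()
    if not password:
        # Refuse to create an account that anyone can log into with an
        # empty password.
        raise SystemExit("Password must not be empty")
    db = db_connect.DatabaseConnect()
    salt, token = new_password(password)
    # NOTE(review): the trailing True is presumably the is-admin flag --
    # confirm against db_connect.DatabaseConnect.create_user.
    db.create_user(username, salt, token, True)
    print(f"Created user {username}")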