from django.shortcuts import render, redirect
from django.contrib import messages
from django.views.decorators.http import require_http_methods


@require_http_methods(["GET", "POST"])
def csp_roi_calculator(request):
    """
    CSP ROI Calculator - Protected view with password authentication
    Provides a comprehensive ROI calculation tool for cloud provider investors
    """
    # Handle logout
    if request.method == "POST" and request.POST.get("logout"):
        request.session.pop("csp_calculator_authenticated", None)
        return redirect("services:csp_roi_calculator")

    # Simple password protection - check if authenticated in session
    if not request.session.get("csp_calculator_authenticated", False):
        if request.method == "POST":
            password = request.POST.get("password", "")
            # Simple password check - in production, this should be more secure
            if password == "servala2025":  # TODO: Move to environment variable
                request.session["csp_calculator_authenticated"] = True
                return redirect("services:csp_roi_calculator")
            else:
                messages.error(request, "Invalid password. Please try again.")

        # Show password form
        return render(request, "calculator/password_form.html")

    # User is authenticated, show the calculator
    context = {
        "page_title": "CSP ROI Calculator",
        "page_description": "Calculate potential returns from investing in Servala platform",
    }

    return render(request, "calculator/csp_roi_calculator.html", context)