#!/usr/bin/env python3
"""
Script to hash existing plain text passwords in the database.
Run this once after deploying password hashing to migrate existing users.
"""

import sys
import os
sys.path.append(os.path.dirname(os.path.dirname(os.path.abspath(__file__))))

from werkzeug.security import generate_password_hash
from tinydb import Query
from db.db import users_db
from models.user import User

def main():
    users = users_db.all()
    updated_count = 0

    for user_dict in users:
        user = User.from_dict(user_dict)
        # Check if password is already hashed (starts with scrypt: or $pbkdf2-sha256$)
        if not (user.password.startswith('scrypt:') or user.password.startswith('$pbkdf2-sha256$')):
            # Hash the plain text password
            user.password = generate_password_hash(user.password)
            # Update in database
            users_db.update(user.to_dict(), Query().id == user.id)
            updated_count += 1
            print(f"Hashed password for user {user.email}")
        else:
            print(f"Password already hashed for user {user.email}")

    print(f"Migration complete. Updated {updated_count} users.")

if __name__ == '__main__':
    from tinydb import Query
    main()