"""User model — Better Auth-managed.

The `user` table is owned by Better Auth: BA's `pnpm dlx auth migrate` is the
source of truth for schema. This file exposes a read-only SQLModel binding
that the Python codebase uses for queries and FK targets. It MUST NOT define
new columns or evolve the schema; do that via Better Auth instead.

The previous Clerk-coupled helpers (`USER_AUTH_UPSERT_COLUMNS`,
`build_user_auth_upsert_payload`, etc.) are removed. Better Auth writes user
rows directly on sign-up — the Python backend never upserts users.
"""

from datetime import datetime
from typing import Any, cast

from sqlalchemy import Column
from sqlalchemy.dialects.postgresql import TIMESTAMP
from sqlmodel import Field, SQLModel


def _ts_column(name: str) -> Any:
    return Column(name, TIMESTAMP(timezone=True), nullable=False)


class User(SQLModel, table=True):
    __tablename__ = cast(Any, "user")
    __table_args__ = {"info": {"managed_by": "better-auth"}}

    id: str = Field(primary_key=True)
    name: str = Field(nullable=False)
    email: str = Field(unique=True, nullable=False)
    email_verified: bool = Field(
        nullable=False,
        default=False,
        sa_column_kwargs={"name": "emailVerified"},
    )
    image: str | None = Field(default=None)
    created_at: datetime = Field(sa_column=_ts_column("createdAt"))
    updated_at: datetime = Field(sa_column=_ts_column("updatedAt"))


class UserRead(SQLModel):
    """API response shape for user data exposed to the frontend."""

    id: str
    name: str
    email: str
    email_verified: bool
    image: str | None = None