import bcrypt
from db import init_db, create_user, get_user_by_username

def hash_password(plain: str) -> bytes:
    return bcrypt.hashpw(plain.encode("utf-8"), bcrypt.gensalt())

def verify_password(plain: str, hashed: bytes) -> bool:
    try:
        return bcrypt.checkpw(plain.encode("utf-8"), hashed)
    except Exception:
        return False

def ensure_admin():
    # Ensure DB exists & default admin user
    init_db()
    if not get_user_by_username("admin"):
        pwd = "admin123"
        create_user("admin", hash_password(pwd), role="admin", is_active=True)
        return True, pwd
    return False, None