from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from jose import JWTError
from sqlalchemy.orm import Session
from .database import get_db
from .security import decode_token
from . import models

bearer_scheme = HTTPBearer(auto_error=False)


def _get_token(credentials: HTTPAuthorizationCredentials | None = Depends(bearer_scheme)) -> str:
    if credentials is None:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token lipsă")
    return credentials.credentials


def get_current_user(
    token: str = Depends(_get_token),
    db: Session = Depends(get_db),
) -> models.User:
    exc = HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token invalid")
    try:
        payload = decode_token(token)
        if payload.get("user_type") != "student":
            raise exc
        user_id: str = payload.get("sub", "")
    except JWTError:
        raise exc

    user = db.query(models.User).filter(models.User.id == user_id).first()
    if not user or not user.is_active:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Utilizator inactiv sau inexistent")
    return user


def get_current_admin(
    token: str = Depends(_get_token),
    db: Session = Depends(get_db),
) -> models.Administrator:
    exc = HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Token invalid")
    try:
        payload = decode_token(token)
        if payload.get("user_type") != "admin":
            raise exc
        admin_id: str = payload.get("sub", "")
    except JWTError:
        raise exc

    admin = db.query(models.Administrator).filter(models.Administrator.id == admin_id).first()
    if not admin or not admin.is_active:
        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Admin inactiv sau inexistent")
    return admin