# app/api/deps.py
"""Shared FastAPI dependencies for authentication and vendor access.

This module provides:
- ``get_current_user``: resolves the caller from the bearer credentials.
- ``get_current_admin_user``: passes the authenticated caller through the
  admin check.
- ``get_user_vendor``: loads a vendor by code and enforces owner-or-admin
  access to it.
"""

from fastapi import Depends
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from sqlalchemy.orm import Session

from app.core.database import get_db
from middleware.auth import AuthManager
from middleware.rate_limiter import RateLimiter
from models.database.vendor import Vendor
from models.database.user import User
from app.exceptions import (
    AdminRequiredException,
    VendorNotFoundException,
    UnauthorizedVendorAccessException,
)

# auto_error=False stops HTTPBearer from answering with its own automatic 403,
# so absent credentials arrive in get_current_user as a falsy value and this
# module decides which exception to raise.
security = HTTPBearer(auto_error=False)

# Module-level singletons shared by every request that uses these dependencies.
auth_manager = AuthManager()
rate_limiter = RateLimiter()


def get_current_user(
    credentials: HTTPAuthorizationCredentials = Depends(security),
    db: Session = Depends(get_db),
):
    """Resolve the authenticated user for the current request.

    Args:
        credentials: Bearer credentials extracted by ``security``; falsy when
            the request carried none.
        db: Database session handed to the auth manager.

    Returns:
        Whatever ``auth_manager.get_current_user`` returns for these
        credentials.

    Raises:
        InvalidTokenException: If no credentials were supplied.
    """
    if credentials:
        # Token validation itself is delegated to AuthManager; nothing in this
        # module inspects the token.
        return auth_manager.get_current_user(db, credentials)

    # Imported lazily, and only on the rejection path, as in the original.
    from app.exceptions.auth import InvalidTokenException

    raise InvalidTokenException("Authorization header required")


def get_current_admin_user(current_user: User = Depends(get_current_user)):
    """Return the result of the admin check for the authenticated user.

    The check is delegated to ``auth_manager.require_admin``.
    NOTE(review): presumably that call raises for non-admin users; its
    behaviour is not visible in this module, so confirm against AuthManager.
    """
    return auth_manager.require_admin(current_user)


def get_user_vendor(
    vendor_code: str,
    current_user: User = Depends(get_current_user),
    db: Session = Depends(get_db),
):
    """Load a vendor by code and verify the caller may access it.

    Args:
        vendor_code: Vendor code from the request; upper-cased before lookup.
        current_user: The authenticated caller.
        db: Database session used for the lookup.

    Returns:
        The matching ``Vendor`` row.

    Raises:
        VendorNotFoundException: If no vendor has that code.
        UnauthorizedVendorAccessException: If the caller is neither an admin
            nor the vendor's owner.
    """
    normalized_code = vendor_code.upper()
    match = db.query(Vendor).filter(Vendor.vendor_code == normalized_code).first()
    if not match:
        # NOTE(review): this is raised before the ownership check, so if the
        # two exceptions map to different responses, any authenticated caller
        # can tell which vendor codes exist. Confirm that is acceptable.
        raise VendorNotFoundException(vendor_code)

    # Access is granted on a literal role string or on row ownership; the
    # ownership comparison is only evaluated for non-admin callers.
    caller_may_access = (
        current_user.role == "admin" or match.owner_user_id == current_user.id
    )
    if not caller_may_access:
        raise UnauthorizedVendorAccessException(vendor_code, current_user.id)
    return match