from fastapi import HTTPException, Depends, Header
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
from app.core.security import decode_token
from typing import Optional

security = HTTPBearer(auto_error=False)


async def get_current_user_id(
    authorization: Optional[str] = Header(None, alias="Authorization"),
    cred: Optional[HTTPAuthorizationCredentials] = Depends(security),
) -> str:
    token = None
    if cred:
        token = cred.credentials
    elif authorization and authorization.startswith("Bearer "):
        token = authorization[7:]

    if not token:
        raise HTTPException(status_code=401, detail="Missing or invalid token")

    payload = decode_token(token)
    if not payload:
        raise HTTPException(status_code=401, detail="Invalid or expired token")

    return payload.get("sub")


async def get_current_user(
    cred: HTTPAuthorizationCredentials = Depends(security),
) -> dict:
    if not cred:
        raise HTTPException(status_code=401, detail="Missing or invalid token")

    payload = decode_token(cred.credentials)
    if not payload:
        raise HTTPException(status_code=401, detail="Invalid or expired token")

    return {
        "id": payload.get("sub"),
        "tier": payload.get("tier", "free"),
        "role": payload.get("role", "user"),
    }