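from uuid import UUID

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from app.auth.service import AuthService

# Module-level singletons shared by every request: the Bearer-scheme
# extractor used as a dependency, and the service that validates tokens.
security = HTTPBearer()
auth_service = AuthService()


def _unauthorized(detail: str) -> HTTPException:
    """Build a 401 error that carries the Bearer challenge header."""
    return HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail=detail,
        headers={"WWW-Authenticate": "Bearer"},
    )


async def decode_jwt(
    credentials: HTTPAuthorizationCredentials = Depends(security),
) -> dict:
    """Decode JWT from Authorization header and return user claims.

    Args:
        credentials: Bearer credentials extracted by the ``security``
            dependency.

    Returns:
        A dict with ``user_id`` (a ``UUID`` parsed from the ``sub`` claim)
        and ``email``, ``role`` and ``name`` (each ``""`` when the claim is
        absent).

    Raises:
        HTTPException: 401 when the token is rejected by
            ``auth_service.validate_token``, when its ``type`` claim is not
            ``"access"``, or when ``sub`` is missing or not a valid UUID.
    """
    token = credentials.credentials
    # NOTE(review): signature and expiry checks are presumably done inside
    # validate_token, which is not visible here; this function only treats a
    # None result as rejection. Confirm against AuthService.
    claims = auth_service.validate_token(token)

    if claims is None:
        raise _unauthorized("Invalid or expired token")

    # Only access tokens may authenticate a request; any other token type
    # (or a token with no "type" claim) is refused.
    if claims.get("type") != "access":
        raise _unauthorized("Invalid token type")

    # A token that validates but has a missing or malformed subject must be
    # rejected as unauthenticated. Left unhandled, the KeyError/ValueError
    # would surface as a 500 and an unusable identity would look like a
    # server fault instead of an authentication failure.
    try:
        user_id = UUID(claims["sub"])
    except (KeyError, ValueError, TypeError, AttributeError):
        # Same detail as any other bad token, so the response does not
        # reveal which part of the token was wrong.
        raise _unauthorized("Invalid or expired token") from None

    return {
        "user_id": user_id,
        "email": claims.get("email", ""),
        # An absent role claim becomes "": authorization checks that use
        # this value must treat the empty string as "no role granted".
        "role": claims.get("role", ""),
        "name": claims.get("name", ""),
    }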