olivas/backend/app/dependencies.py

import logging

from fastapi import Depends, Header, HTTPException

from app.auth import CurrentUser, validate_token
from app.config import settings
from app.db.session import get_db

logger = logging.getLogger("olivas.auth")

_anonymous_user = CurrentUser(oid="default", name="Default User", email="")


async def get_current_user(authorization: str | None = Header(None)) -> CurrentUser:
    """Extract and validate the Bearer token from Authorization header."""
    if not settings.AZURE_AUTH_ENABLED:
        return _anonymous_user

    if not authorization:
        raise HTTPException(status_code=401, detail="Missing Authorization header")

    parts = authorization.split(" ", 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        raise HTTPException(status_code=401, detail="Invalid Authorization header format")

    token = parts[1]
    try:
        return validate_token(token)
    except Exception as e:
        logger.warning(f"Token validation failed: {e}")
        raise HTTPException(status_code=401, detail="Invalid or expired token")


async def get_user_id(user: CurrentUser = Depends(get_current_user)) -> str:
    """Return the user's OID from the validated token."""
    return user.oid