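from fastapi import Depends, HTTPException, Request
from sqlalchemy import select
from sqlalchemy.ext.asyncio import AsyncSession

from app.core.db import get_session
from app.core.security import SESSION_COOKIE, read_session_token
from app.models.user import User


async def db_session() -> AsyncSession:
    """FastAPI dependency that yields one ``AsyncSession`` per request.

    Thin adapter over ``app.core.db.get_session`` so routes can declare
    ``Depends(db_session)``. The session's lifetime (commit/rollback/close)
    is whatever ``get_session`` implements; this wrapper adds nothing.
    """
    async for s in get_session():
        yield s


async def get_current_user(
    request: Request, session: AsyncSession = Depends(db_session)
) -> User:
    """Resolve the calling user from the session cookie or fail with 401.

    Steps: read the cookie named ``SESSION_COOKIE``; map it to a user id
    with ``read_session_token``; load that ``User`` row; reject a missing
    row or an account whose ``is_active`` is false.

    Raises:
        HTTPException(401): cookie absent, token rejected by
            ``read_session_token``, user row not found, or user inactive.

    Security notes:
        - The only integrity/expiry check on the cookie value is whatever
          ``read_session_token`` performs; its return value is used as a
          trusted user id. Confirm it authenticates the token (signed value
          or server-side lookup) and enforces expiry -- if it merely decodes,
          this function accepts forged sessions.
        - The user row is re-read on every request, so a deactivated account
          loses access immediately regardless of how long the token itself
          stays valid. Keep that lookup; do not cache it.
        - Three distinct 401 messages are returned, so someone holding a
          token can tell "invalid token" from "valid token, disabled
          account". Collapse them to one message if that distinction
          matters for your threat model.
    """
    token = request.cookies.get(SESSION_COOKIE)
    if not token:
        raise HTTPException(status_code=401, detail="Not authenticated")

    uid = read_session_token(token)
    if not uid:
        raise HTTPException(status_code=401, detail="Invalid session")

    res = await session.execute(select(User).where(User.id == uid))
    user = res.scalar_one_or_none()
    # A token whose user row no longer exists is treated exactly like a
    # disabled account: no row, no access.
    if not user or not user.is_active:
        raise HTTPException(status_code=401, detail="User inactive")
    return user


def require_admin(user: User = Depends(get_current_user)) -> User:
    """Allow only users whose ``role`` is exactly ``"admin"``.

    Works both as a plain in-route check (``require_admin(user)``) and,
    via the ``Depends(get_current_user)`` default, directly as a route
    dependency (``Depends(require_admin)``), in which case the authenticated
    admin user is returned for the route to use. Previously the function
    returned ``None`` and could not be injected; existing positional callers
    are unaffected.

    Args:
        user: an already-authenticated ``User``; when resolved by FastAPI
            this defaults to the result of ``get_current_user``.

    Returns:
        The same ``user`` when it is an admin.

    Raises:
        HTTPException(403): the user is authenticated but not an admin.
        HTTPException(401): propagated from ``get_current_user`` when used
            as a dependency on an unauthenticated request.
    """
    if user.role != "admin":
        raise HTTPException(status_code=403, detail="Admin only")
    return user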