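from typing import Dict

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials

from api.core.security import verify_supabase_token, extract_user_from_token

# HTTPBearer() defaults to auto_error=True, so a missing or non-"Bearer"
# Authorization header is rejected by FastAPI before get_current_user runs.
security = HTTPBearer()

# Roles allowed through the admin gate. A named, immutable module-level
# constant instead of a list literal rebuilt on every request.
ADMIN_ROLES = frozenset({"admin", "superadmin"})


async def get_current_user(
    credentials: HTTPAuthorizationCredentials = Depends(security),
) -> Dict:
    """
    Dependency that resolves the authenticated user from a Supabase JWT.

    The bearer token is verified by ``verify_supabase_token`` and the user
    dictionary is built by ``extract_user_from_token``; both live in
    ``api.core.security`` and their failure contract is not visible here,
    so anything they raise propagates unchanged.

    Raises:
        HTTPException: 401 (with ``WWW-Authenticate: Bearer``) when
            verification produces no payload or no user. A missing or
            malformed header is rejected earlier by ``HTTPBearer`` itself.

    Returns:
        User dictionary with id, email, role, etc.
    """
    token = credentials.credentials
    payload = verify_supabase_token(token)
    user = extract_user_from_token(payload) if payload else None
    # Defense in depth: never hand a None/empty "user" to route handlers.
    # If the helpers raise on bad tokens this branch is unreachable; if they
    # signal failure by returning None/{} instead, this yields a 401 rather
    # than a 500 or a silently "authenticated" request.
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or expired authentication token",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user


async def get_current_admin(user: Dict = Depends(get_current_user)) -> Dict:
    """
    Dependency that additionally requires an administrator role.

    The role is read from the ``role`` key of the dictionary produced by
    ``extract_user_from_token``. NOTE(review): confirm that key is derived
    from a claim the end user cannot write (for Supabase, ``app_metadata``
    rather than ``user_metadata``); if a client can set its own role this
    gate is bypassable. Also verify what the helper maps ``role`` from —
    in Supabase-issued JWTs the top-level ``role`` claim is typically the
    Postgres role (``authenticated``/``service_role``), not an app role.

    Raises:
        HTTPException: 403 if the role is absent, not a string, or not in
            ADMIN_ROLES

    Returns:
        The same user dictionary, unchanged
    """
    role = user.get("role")
    # isinstance guard: a non-string (e.g. list) claim must be rejected with
    # 403 rather than raising TypeError from the frozenset lookup.
    if not isinstance(role, str) or role not in ADMIN_ROLES:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Only administrators can access this resource",
        )
    return user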