import logging
from datetime import datetime

from fastapi import APIRouter, Depends, HTTPException

from app.modules.auth.service import auth_service
from core.database import User

logger = logging.getLogger(__name__)

router = APIRouter()


async def require_admin(
    current_user: User = Depends(auth_service.get_current_user),
) -> User:
    if str(current_user.role).upper() not in [
        "ADMIN",
        "SUPER_ADMIN",
        "admin",
        "super_admin",
    ]:
        logger.warning(f"User {current_user.id} denied admin access")
        raise HTTPException(status_code=403, detail="Admin access required")
    return current_user


@router.get("/system/status")
async def get_system_status(admin: User = Depends(require_admin)):
    """Admin-only system status check"""
    return {
        "status": "operational",
        "timestamp": datetime.utcnow().isoformat(),
        "admin": admin.email,
    }


# Ported performance and cache endpoints would go here,
# but they often depend on infrastructure services we are moving later.
# For now, we maintain the structure.