src/app/api/dependencies.py

"""

FastAPI dependencies for authentication, services, and common utilities.



This module provides reusable dependencies for FastAPI endpoints,

including authentication, service injection, and request validation.

"""

import logging
from typing import Dict, Any, Optional
from fastapi import Depends, HTTPException, status, Request, Header
from redis.asyncio import Redis

from ..core.auth import verify_clerk_token, AuthenticationError, extract_bearer_token
from ..core.redis import get_redis
from ..services.video_service import VideoService
from ..services.job_service import JobService
from ..services.queue_service import QueueService
from ..services.file_service import FileService

logger = logging.getLogger(__name__)


async def get_current_user(

    authorization: Optional[str] = Header(None),

    redis_client: Redis = Depends(get_redis)

) -> Dict[str, Any]:
    """

    FastAPI dependency to get current authenticated user.

    

    Extracts and validates the Clerk session token from the Authorization header,

    then returns user information and token claims.

    

    Args:

        authorization: Authorization header with Bearer token

        redis_client: Redis client for caching user info

        

    Returns:

        Dict containing user information and token claims

        

    Raises:

        HTTPException: If authentication fails

    """
    try:
        if not authorization:
            raise AuthenticationError("Missing authorization header")
        
        # Extract bearer token
        token = extract_bearer_token(authorization)
        
        # Verify token and get user info
        auth_info = await verify_clerk_token(token)
        
        # Extract email safely for logging
        user_info = auth_info["user_info"]
        user_id = user_info.get("id", "unknown")
        
        # Extract email from email_addresses array if available
        email = user_info.get("email")
        if not email and "email_addresses" in user_info:
            email_addresses = user_info.get("email_addresses", [])
            if email_addresses:
                primary_email_id = user_info.get("primary_email_address_id")
                if primary_email_id:
                    primary_email = next((e for e in email_addresses if e.get("id") == primary_email_id), None)
                    if primary_email:
                        email = primary_email.get("email_address")
                # Fallback to first email
                if not email:
                    email = email_addresses[0].get("email_address")
        
        logger.debug(
            "User authenticated successfully",
            user_id=user_id,
            email=email or "no-email"
        )
        
        return auth_info
        
    except AuthenticationError as e:
        logger.warning(f"Authentication failed: {e}")
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail=str(e),
            headers={"WWW-Authenticate": "Bearer"}
        )
    except Exception as e:
        logger.error(f"Authentication error: {e}", exc_info=True)
        raise HTTPException(
            status_code=status.HTTP_500_INTERNAL_SERVER_ERROR,
            detail="Authentication service error"
        )


async def get_optional_user(

    authorization: Optional[str] = Header(None),

    redis_client: Redis = Depends(get_redis)

) -> Optional[Dict[str, Any]]:
    """

    FastAPI dependency to get current user if authenticated (optional).

    

    Similar to get_current_user but returns None if no authentication

    is provided instead of raising an exception.

    

    Args:

        authorization: Authorization header with Bearer token (optional)

        redis_client: Redis client for caching user info

        

    Returns:

        Dict containing user information or None if not authenticated

    """
    try:
        if not authorization:
            return None
        
        return await get_current_user(authorization, redis_client)
        
    except HTTPException:
        # Return None for optional authentication
        return None
    except Exception as e:
        logger.error(f"Optional authentication error: {e}", exc_info=True)
        return None


def get_video_service(

    redis_client: Redis = Depends(get_redis)

) -> VideoService:
    """

    FastAPI dependency to get VideoService instance.

    

    Args:

        redis_client: Redis client dependency

        

    Returns:

        VideoService instance

    """
    return VideoService(redis_client)


def get_job_service(

    redis_client: Redis = Depends(get_redis)

) -> JobService:
    """

    FastAPI dependency to get JobService instance.

    

    Args:

        redis_client: Redis client dependency

        

    Returns:

        JobService instance

    """
    return JobService(redis_client)


def get_queue_service(

    redis_client: Redis = Depends(get_redis)

) -> QueueService:
    """

    FastAPI dependency to get QueueService instance.

    

    Args:

        redis_client: Redis client dependency

        

    Returns:

        QueueService instance

    """
    return QueueService(redis_client)


def get_file_service(

    redis_client: Redis = Depends(get_redis)

) -> FileService:
    """

    FastAPI dependency to get FileService instance.

    

    Args:

        redis_client: Redis client dependency

        

    Returns:

        FileService instance

    """
    return FileService(redis_client)


class PaginationParams:
    """

    Pagination parameters for list endpoints.

    """
    
    def __init__(

        self,

        page: int = 1,

        items_per_page: int = 10,

        max_items_per_page: int = 100

    ):
        # Validate page number
        if page < 1:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Page number must be greater than 0"
            )
        
        # Validate items per page
        if items_per_page < 1:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail="Items per page must be greater than 0"
            )
        
        if items_per_page > max_items_per_page:
            raise HTTPException(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail=f"Items per page cannot exceed {max_items_per_page}"
            )
        
        self.page = page
        self.items_per_page = items_per_page
        self.offset = (page - 1) * items_per_page
    
    @property
    def limit(self) -> int:
        """Get limit for database queries."""
        return self.items_per_page


def get_pagination_params(

    page: int = 1,

    items_per_page: int = 10

) -> PaginationParams:
    """

    FastAPI dependency to get pagination parameters.

    

    Args:

        page: Page number (1-based)

        items_per_page: Number of items per page

        

    Returns:

        PaginationParams instance

        

    Raises:

        HTTPException: If parameters are invalid

    """
    return PaginationParams(page=page, items_per_page=items_per_page)


class JobFilters:
    """

    Filtering parameters for job list endpoints.

    """
    
    def __init__(

        self,

        status: Optional[str] = None,

        job_type: Optional[str] = None,

        priority: Optional[str] = None,

        created_after: Optional[str] = None,

        created_before: Optional[str] = None

    ):
        self.status = status
        self.job_type = job_type
        self.priority = priority
        self.created_after = created_after
        self.created_before = created_before
    
    def to_dict(self) -> Dict[str, Any]:
        """Convert filters to dictionary for service layer."""
        return {
            k: v for k, v in {
                "status": self.status,
                "job_type": self.job_type,
                "priority": self.priority,
                "created_after": self.created_after,
                "created_before": self.created_before
            }.items() if v is not None
        }


def get_job_filters(

    status: Optional[str] = None,

    job_type: Optional[str] = None,

    priority: Optional[str] = None,

    created_after: Optional[str] = None,

    created_before: Optional[str] = None

) -> JobFilters:
    """

    FastAPI dependency to get job filtering parameters.

    

    Args:

        status: Filter by job status

        job_type: Filter by job type

        priority: Filter by job priority

        created_after: Filter jobs created after this date (ISO format)

        created_before: Filter jobs created before this date (ISO format)

        

    Returns:

        JobFilters instance

    """
    return JobFilters(
        status=status,
        job_type=job_type,
        priority=priority,
        created_after=created_after,
        created_before=created_before
    )


def validate_job_ownership(

    job_user_id: str,

    current_user: Dict[str, Any]

) -> None:
    """

    Validate that the current user owns the specified job.

    

    Args:

        job_user_id: User ID from the job

        current_user: Current authenticated user

        

    Raises:

        HTTPException: If user doesn't own the job

    """
    if job_user_id != current_user["user_info"]["id"]:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Access denied: You don't own this resource"
        )


def validate_request_size(

    request: Request,

    max_size_mb: int = 10

) -> None:
    """

    Validate request content size.

    

    Args:

        request: FastAPI request object

        max_size_mb: Maximum allowed size in MB

        

    Raises:

        HTTPException: If request is too large

    """
    content_length = request.headers.get("content-length")
    if content_length:
        size_mb = int(content_length) / (1024 * 1024)
        if size_mb > max_size_mb:
            raise HTTPException(
                status_code=status.HTTP_413_REQUEST_ENTITY_TOO_LARGE,
                detail=f"Request too large. Maximum size: {max_size_mb}MB"
            )


async def rate_limit_check(

    current_user: Dict[str, Any],

    redis_client: Redis,

    operation: str,

    limit: int = 10,

    window_seconds: int = 60

) -> None:
    """

    Check rate limits for user operations.

    

    Args:

        current_user: Current authenticated user

        redis_client: Redis client for rate limit storage

        operation: Operation name for rate limiting

        limit: Maximum operations per window

        window_seconds: Time window in seconds

        

    Raises:

        HTTPException: If rate limit exceeded

    """
    user_id = current_user["user_info"]["id"]
    key = f"rate_limit:{user_id}:{operation}"
    
    try:
        # Get current count
        current_count = await redis_client.get(key)
        current_count = int(current_count) if current_count else 0
        
        if current_count >= limit:
            raise HTTPException(
                status_code=status.HTTP_429_TOO_MANY_REQUESTS,
                detail=f"Rate limit exceeded for {operation}. Try again later.",
                headers={"Retry-After": str(window_seconds)}
            )
        
        # Increment counter
        pipe = redis_client.pipeline()
        pipe.incr(key)
        pipe.expire(key, window_seconds)
        await pipe.execute()
        
    except HTTPException:
        raise
    except Exception as e:
        logger.error(f"Rate limit check failed: {e}", exc_info=True)
        # Don't block requests if rate limiting fails
        pass


# Additional authentication dependencies for compatibility
async def get_authenticated_user(

    authorization: Optional[str] = Header(None),

    redis_client: Redis = Depends(get_redis)

) -> Dict[str, Any]:
    """

    Alias for get_current_user for backward compatibility.

    

    Returns the user_info portion of the authentication data.

    """
    auth_info = await get_current_user(authorization, redis_client)
    return auth_info["user_info"]


async def get_authenticated_user_id(

    authorization: Optional[str] = Header(None),

    redis_client: Redis = Depends(get_redis)

) -> str:
    """

    Get just the user ID from authentication.

    

    Returns:

        str: The authenticated user's ID

    """
    auth_info = await get_current_user(authorization, redis_client)
    return auth_info["user_info"]["id"]


async def get_verified_user(

    authorization: Optional[str] = Header(None),

    redis_client: Redis = Depends(get_redis)

) -> Dict[str, Any]:
    """

    Get authenticated user that has verified email.

    

    Returns:

        Dict containing verified user information

        

    Raises:

        HTTPException: If user is not verified

    """
    auth_info = await get_current_user(authorization, redis_client)
    user_info = auth_info["user_info"]
    
    # Check email verification status from email_addresses array
    email_verified = user_info.get("email_verified", False)
    
    # If not directly available, check in email_addresses array
    if not email_verified and "email_addresses" in user_info:
        email_addresses = user_info.get("email_addresses", [])
        if email_addresses:
            primary_email_id = user_info.get("primary_email_address_id")
            if primary_email_id:
                primary_email = next((e for e in email_addresses if e.get("id") == primary_email_id), None)
                if primary_email:
                    verification = primary_email.get("verification", {})
                    email_verified = verification.get("status") == "verified"
            
            # Fallback to first email verification
            if not email_verified and email_addresses:
                first_email = email_addresses[0]
                verification = first_email.get("verification", {})
                email_verified = verification.get("status") == "verified"
    
    if not email_verified:
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Email verification required"
        )
    
    return user_info


async def get_request_context(request: Request) -> Dict[str, Any]:
    """

    Get request context information.

    

    Args:

        request: FastAPI request object

        

    Returns:

        Dict containing request context

    """
    return {
        "path": str(request.url.path),
        "method": request.method,
        "client_ip": request.client.host if request.client else "unknown",
        "user_agent": request.headers.get("user-agent", "unknown"),
        "timestamp": logger.info("Request context retrieved")
    }