USAMA BHATTI
Feat: Added Visual Search, API Key Auth, and Docker Optimization
ba2fc46
# # backend/src/api/routes/deps.py
# from fastapi import Depends, HTTPException, status
# from fastapi.security import OAuth2PasswordBearer
# from jose import jwt, JWTError
# from sqlalchemy.ext.asyncio import AsyncSession
# from sqlalchemy.future import select
# from backend.src.core.config import settings
# from backend.src.db.session import get_db
# from backend.src.models.user import User
# from backend.src.utils.auth import ALGORITHM
# # Ye Swagger UI ko batata hai ke Token kahan se lena hai (/auth/login se)
# oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/auth/login")
# async def get_current_user(
# token: str = Depends(oauth2_scheme),
# db: AsyncSession = Depends(get_db)
# ) -> User:
# """
# Ye function har protected route se pehle chalega.
# Ye Token ko verify karega aur Database se User nikal kar dega.
# """
# credentials_exception = HTTPException(
# status_code=status.HTTP_401_UNAUTHORIZED,
# detail="Could not validate credentials",
# headers={"WWW-Authenticate": "Bearer"},
# )
# try:
# # Token Decode karo
# payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
# user_id: str = payload.get("sub")
# if user_id is None:
# raise credentials_exception
# except JWTError:
# raise credentials_exception
# # Database mein User check karo
# result = await db.execute(select(User).where(User.id == int(user_id)))
# user = result.scalars().first()
# if user is None:
# raise credentials_exception
# return user
from fastapi import Depends, HTTPException, status, Header
from fastapi.security import OAuth2PasswordBearer
from jose import jwt, JWTError
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.future import select
from backend.src.core.config import settings
from backend.src.db.session import get_db
from backend.src.models.user import User
from backend.src.utils.auth import ALGORITHM
# Tells Swagger UI (and FastAPI's OpenAPI schema) where a bearer token is obtained:
# the /auth/login endpoint under the configured API prefix.
# Required by the dashboard routes that depend on get_current_user below.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl=f"{settings.API_V1_STR}/auth/login")
# ============================================================
# 1. JWT AUTHENTICATION (For Dashboard / Settings Access)
# ============================================================
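async def get_current_user(
    token: str = Depends(oauth2_scheme),
    db: AsyncSession = Depends(get_db)
) -> User:
    """
    Resolve the caller of a JWT-protected route (internal dashboard / settings).

    Decodes the bearer token with the server secret, with the algorithm pinned to
    ``ALGORITHM`` so a token cannot choose its own (e.g. ``none``), then loads the
    user whose id is in the ``sub`` claim.

    Raises:
        HTTPException 401 ("Could not validate credentials"): token missing,
            malformed, badly signed or expired; ``sub`` absent or not an integer
            id; no user with that id.
        HTTPException 401 ("User account is inactive."): the user exists but has
            been deactivated.

    NOTE(review): python-jose rejects an expired ``exp`` claim by default, but a
    token issued without ``exp`` never expires — confirm the issuer always sets one.
    """
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM])
        raw_sub = payload.get("sub")
        if raw_sub is None:
            raise credentials_exception
        # Previously int() ran outside the try, so a non-numeric "sub" escaped as a
        # ValueError (HTTP 500). A malformed subject is just an unauthenticated request.
        user_id = int(raw_sub)
    except (JWTError, ValueError, TypeError):
        raise credentials_exception

    result = await db.execute(select(User).where(User.id == user_id))
    user = result.scalars().first()
    if user is None:
        raise credentials_exception
    # A deactivated account must not keep working through an already-issued token.
    # Mirrors the is_active check the API-key dependency makes.
    if not user.is_active:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="User account is inactive.",
            headers={"WWW-Authenticate": "Bearer"},
        )
    return user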
# ============================================================
# 2. API KEY AUTHENTICATION (For Public Widgets: Chat/Visual) 🔐
# ============================================================
async def get_current_user_by_api_key(
    # Sent by the frontend as: 'x-api-key: omni_abcdef...'
    api_key_header: str = Header(..., alias="x-api-key"),
    db: AsyncSession = Depends(get_db)
) -> User:
    """
    Resolve the caller of a public-widget route (chatbot, visual search) from the
    ``x-api-key`` header. No JWT is involved on this path.

    The header is declared required, so FastAPI presumably rejects a request that
    omits it before this runs; the explicit guard below covers a present-but-blank
    value.

    Raises:
        HTTPException 401: header blank, no user owns the key, or the owner has
            been deactivated.

    NOTE(review): the key is matched by plain equality against ``User.api_key``,
    which implies keys are stored in cleartext — a database leak exposes every
    widget key. The usual fix is to store a hash and look up by hash (a schema
    change, so not done here). The two distinct 401 messages also let a caller
    tell a guessed key that belongs to a real-but-inactive account from a bogus
    one; collapse them into one message if that oracle matters.
    """
    if not api_key_header:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="API Key missing in header"
        )

    # Whoever owns this key on the User table is the caller.
    lookup = select(User).where(User.api_key == api_key_header)
    owner = (await db.execute(lookup)).scalars().first()

    if owner is None:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid API Key provided."
        )
    if not owner.is_active:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="User account is inactive."
        )
    return owner