from fastapi import FastAPI, Request, HTTPException
from fastapi.security.utils import get_authorization_scheme_param
from app.core.config import settings
from app.core.security import decode_token

from app.api.auth import router as auth_router
from app.api.recommend import router as recommend_router

app = FastAPI(title="Service Finder API")

@app.middleware("http")
async def jwt_claims_middleware(request: Request, call_next):
    """
    Ha van Authorization: Bearer <token>, akkor claims bekerül request.state.claims-be.
    Auth endpointoknál nem kötelező.
    """
    auth = request.headers.get("Authorization")
    if auth:
        scheme, token = get_authorization_scheme_param(auth)
        if scheme.lower() == "bearer" and token:
            try:
                claims = decode_token(token, settings.JWT_SECRET)
                if claims.get("type") != "access":
                    raise HTTPException(status_code=401, detail="Invalid access token type")
                request.state.claims = claims
            except Exception:
                # nem dobunk mindig 401-et, csak a védett endpointoknál; itt “néma” marad
                request.state.claims = None
    else:
        request.state.claims = None

    return await call_next(request)

@app.get("/health")
def health():
    return {"status": "ok"}

@app.get("/health/db")
def health_db():
    from app.db.session import get_conn
    with get_conn() as conn:
        with conn.cursor() as cur:
            cur.execute("SELECT 1;")
            return {"db": "ok", "result": cur.fetchone()[0]}

app.include_router(auth_router)
app.include_router(recommend_router)