import os

from fastapi import Depends, HTTPException
from fastapi.security import OAuth2AuthorizationCodeBearer

from models.user import UserBase
from services.auth_service import validate_jwt_token

COGNITO_REGION = os.getenv("COGNITO_REGION")
COGNITO_USER_POOL_ID = os.getenv("COGNITO_USER_POOL_ID")
COGNITO_CLIENT_ID = os.getenv("COGNITO_CLIENT_ID")
COGNITO_CLIENT_SECRET = os.getenv("COGNITO_CLIENT_SECRET")
COGNITO_REDIRECT_URI = os.getenv("COGNITO_REDIRECT_URI") + "/cognito/redirect/callback"
COGNITO_LOGOUT_REDIRECT_URI = os.getenv("COGNITO_LOGOUT_REDIRECT_URI") + "/auth/login"

COGNITO_DOMAIN = f"https://{COGNITO_USER_POOL_ID.replace('_', '')}.auth.{COGNITO_REGION}.amazoncognito.com"


class UserInfo(UserBase):
    """
    User information model extending UserBase for authentication responses
    """

    pass


oauth2_scheme = OAuth2AuthorizationCodeBearer(
    authorizationUrl=f"{COGNITO_DOMAIN}/login",
    tokenUrl=f"{COGNITO_DOMAIN}/oauth2/token",
    scopes={"openid": "OpenID Connect", "email": "Email", "profile": "Profile"},
)


async def get_current_user(token: str = Depends(oauth2_scheme)) -> UserInfo:
    payload = validate_jwt_token(token)
    user_id = payload.get("sub", "")
    return UserInfo(
        email=payload.get("email", ""),
        username=payload.get("cognito:username", ""),
        first_name=payload.get("given_name", ""),
        last_name=payload.get("family_name", ""),
        user_id=user_id,
    )