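import uuid

from pydantic import BaseModel, ValidationError
from fastapi import Depends, HTTPException, status
from fastapi.security import OAuth2PasswordBearer
from jose import JWTError, jwt

from core.config import get_settings

# Settings are resolved once at import time; the JWT secret is read from them
# on every request below.
settings = get_settings()

# Extracts the bearer token from the Authorization header. FastAPI answers 401
# on its own when the header is missing.
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token")


class TokenPayload(BaseModel):
    """Claims that must be present in a verified token."""

    # Subject claim; must parse as a UUID or validation fails.
    sub: uuid.UUID
    # Audience claim; must be a single string.
    aud: str


async def get_current_user(token: str = Depends(oauth2_scheme)) -> uuid.UUID:
    """
    Decodes and verifies the JWT token to get the current user.

    The signature is checked with ``settings.SUPABASE_JWT_SECRET`` using HS256
    only, the audience must be ``"authenticated"``, and the token must carry
    an ``exp`` claim that has not passed.

    Returns:
        The ``sub`` claim of the token as a UUID.

    Raises:
        HTTPException: 401 if the token fails verification or its claims do
            not match ``TokenPayload``.
    """
    # One generic response for every failure, so the client cannot tell which
    # check rejected the token.
    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(
            token,
            settings.SUPABASE_JWT_SECRET,
            # Pinned list: the algorithm named in the token header is only
            # accepted if it appears here.
            algorithms=["HS256"],
            audience="authenticated",
            # python-jose validates exp/aud only when the claim is present.
            # Requiring them rejects a signed token that simply omits its
            # expiry and would otherwise stay valid indefinitely.
            options={"require_exp": True, "require_aud": True},
        )
        token_data = TokenPayload(**payload)
    except (JWTError, ValidationError) as exc:
        # Keep the cause for server-side diagnostics; the response body stays
        # generic.
        raise credentials_exception from exc
    return token_data.sub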