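"""Bearer-token authentication dependency for FastAPI routes.

Tokens are RS256 JWTs issued by a Clerk instance; verification keys are
fetched from that instance's JWKS endpoint (``config.JWKS_URL``) and chosen
by the ``kid`` in the token header.
"""
import logging

import jwt
from fastapi import Depends, HTTPException
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
from jwt import PyJWKClient

from config import JWKS_URL

logger = logging.getLogger(__name__)

# NOTE(review): this is the issuer of a Clerk *development* instance
# ("...clerk.accounts.dev"). It has to be switched to, or driven by config
# for, the production instance; otherwise production tokens fail the `iss`
# check -- or tokens minted by the dev instance are accepted in production.
JWT_ISSUER = "https://assuring-lobster-64.clerk.accounts.dev"

# FastAPI's HTTPBearer rejects requests with no/malformed Authorization
# header before token_required runs (with auto_error=True it answers with
# its own status code, not the 401s below).
security = HTTPBearer()

# One client per process so the library's JWKS caching is actually reused.
# The original built a new PyJWKClient for every request, i.e. re-fetched
# the JWKS on every authenticated call: an extra round-trip per request and
# a way for an *unauthenticated* client to drive outbound traffic to the
# identity provider. Construction does no I/O; the fetch happens on first use.
_jwks_client = PyJWKClient(JWKS_URL)


def get_public_key(token: str):
    """Return the verification key for *token*.

    The key is selected by the ``kid`` in the token header -- which is read
    *unverified* -- and looked up in the JWKS at ``JWKS_URL``. Nothing about
    the token is trusted here; the returned key is only meaningful once
    ``jwt.decode`` has verified the signature with it.

    Raises:
        Exception: whatever ``PyJWKClient`` raises when no key matches the
            header's ``kid`` or the JWKS cannot be fetched/parsed (presumably
            ``jwt.exceptions.PyJWKClientError`` -- verify against the
            installed PyJWT version). The error is logged with its traceback
            and re-raised unchanged.
    """
    try:
        return _jwks_client.get_signing_key_from_jwt(token).key
    except Exception:
        # Keep the traceback server-side; the caller decides what (little)
        # to tell the client.
        logger.exception("Error fetching public key")
        raise


def token_required(credentials: HTTPAuthorizationCredentials = Depends(security)):
    """FastAPI dependency: verify the bearer JWT and return ``(org_id, sub)``.

    What is verified: the RS256 signature against the JWKS key named by
    ``kid`` (the algorithm list is pinned, so the token's own ``alg`` header
    cannot downgrade verification to ``none``/HS256), ``exp`` (now required,
    so a token without one no longer lives forever), ``iss`` == JWT_ISSUER,
    and presence of ``sub``.

    Not verified: audience. Any token minted by this issuer, for any of its
    applications, is accepted. Pass ``audience=`` to ``jwt.decode`` if these
    tokens carry ``aud`` -- TODO confirm which claims this Clerk instance emits.

    Returns:
        tuple: ``(customer_id, user_id)`` taken from the ``org_id`` and
        ``sub`` claims.

    Raises:
        HTTPException: 401 for an expired, invalid, unverifiable or org-less
            token. The detail is deliberately generic: the original echoed
            ``str(e)`` for unexpected errors, which can leak the JWKS URL and
            library internals to the caller.
    """
    token = credentials.credentials
    try:
        public_key = get_public_key(token)
        decoded = jwt.decode(
            token,
            public_key,
            algorithms=["RS256"],
            issuer=JWT_ISSUER,
            # Without `require`, a token lacking `exp` never expires and one
            # lacking `sub` silently yields user_id=None; both are rejected.
            options={"require": ["exp", "sub"]},
        )
    except jwt.ExpiredSignatureError:
        logger.warning("Token has expired")
        raise HTTPException(status_code=401, detail="Token has expired")
    except jwt.InvalidTokenError as e:
        # Bad signature, wrong issuer, missing required claim, malformed token.
        logger.warning("Invalid token: %s", e)
        raise HTTPException(status_code=401, detail="Invalid token")
    except Exception:
        # Key lookup / JWKS fetch failure. Logged with the real cause, but
        # the client only sees a generic rejection.
        logger.exception("Error decoding token")
        raise HTTPException(status_code=401, detail="Invalid token")

    # The claim check lives outside the try on purpose: the original raised
    # its HTTPException inside the try, the broad `except Exception` caught
    # it and re-raised with detail=str(e), which turned the message into
    # "401: Customer ID is missing in the token!".
    customer_id = decoded.get("org_id")
    user_id = decoded.get("sub")
    logger.info("Customer/Org ID: %s, User ID: %s", customer_id, user_id)
    if not customer_id:
        logger.error("Customer ID is missing in the token!")
        raise HTTPException(status_code=401, detail="Customer ID is missing in the token!")
    return customer_id, user_id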