"""Dependencies for FastAPI routers."""

from fastapi import HTTPException
from fastapi import status
from fastapi.security import APIKeyHeader
from fastapi.security.base import SecurityBase

from src.settings import settings


# API key header for authentication
api_key_header: SecurityBase = APIKeyHeader(
    name="X-PP-API-Key",
    description="API key for preprocessor access",
)


def require_pp_api_key(*, api_key: str = api_key_header) -> None:
    """Validate the preprocessor API key.

    Args:
        api_key: The API key from the X-PP-API-Key header.

    Raises:
        HTTPException: If the API key is invalid or missing.
    """
    if api_key != settings.PP_API_KEY:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or missing API key",
            headers={"WWW-Authenticate": "ApiKey"},
        )


# API key header for database endpoint authentication
db_api_key_header: SecurityBase = APIKeyHeader(
    name="X-DB-API-Key",
    description="API key for database query access",
)


def require_db_api_key(*, api_key: str = db_api_key_header) -> None:
    """Validate the database API key.

    Args:
        api_key: The API key from the X-DB-API-Key header.

    Raises:
        HTTPException: If the API key is invalid or missing.
    """
    if api_key != settings.DB_ENDPOINT_API_KEY:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or missing database API key",
            headers={"WWW-Authenticate": "ApiKey"},
        )