"""权限校验依赖

Usage:
    from app.core.auth import require_login, func_permission

    # 仅需登录
    @router.get("/profile")
    async def get_profile(user_id: int = Depends(require_login)):
        ...

    # 需要功能权限（校验 + 扣库存，异常自动回退）
    @router.post("/ai/generate")
    async def generate(_: None = Depends(func_permission("ai:generate"))):
        ...
"""

from fastapi import HTTPException

from app.core.context import RequestContext
from app.core.database import get_db
from app.core.logger import log


async def require_login() -> int:
    """要求登录，返回 user_id"""
    user_id = RequestContext.user_id.get(None)
    if user_id is None:
        raise HTTPException(status_code=401, detail="未经授权，请登录")
    return user_id


def func_permission(func_code: str):
    """功能权限校验：校验权限 + 扣库存 → 执行业务 → 异常回退"""

    async def dependency():
        user_id = await require_login()

        from app.services.func_permission_service import FuncPermissionService

        # 事务1：校验 + 扣库存
        async for session in get_db():
            service = FuncPermissionService(session)
            log.info(f"功能权限校验 userId:{user_id} funcCode:{func_code}")
            log_id = await service.check_and_deduct(user_id, func_code)

        try:
            yield
        except Exception as e:
            # 事务2：回滚
            log.warning(
                f"业务异常，回退使用记录 logId:{log_id} userId:{user_id} funcCode:{func_code}"
            )
            async for session in get_db():
                service = FuncPermissionService(session)
                await service.rollback_usage(log_id, user_id, func_code)
            raise

    return dependency