"""鉴权中间件：校验请求中的 API Key。"""

import uuid

from aiohttp import web

from .config import WEBHOOK_API_KEY
from .response import error


@web.middleware
async def auth_middleware(request: web.Request, handler):
    """对 /upload 和 /webhook 路径强制校验 API Key。"""
    # 健康检查不需要鉴权
    if request.path == "/healthz":
        return await handler(request)

    auth_header = request.headers.get("Authorization", "")
    if auth_header.startswith("Bearer "):
        key = auth_header[len("Bearer "):]
    else:
        key = request.headers.get("X-API-Key", "")

    if key != WEBHOOK_API_KEY:
        return error("unauthorized", code=401, status=401)

    return await handler(request)


@web.middleware
async def request_id_middleware(request: web.Request, handler):
    """为每个请求附加唯一 request_id，便于日志追踪。"""
    request_id = request.headers.get("X-Request-ID", uuid.uuid4().hex[:12])
    request["request_id"] = request_id
    response = await handler(request)
    response.headers["X-Request-ID"] = request_id
    return response