"""Bearer token authentication dependency."""

import logging

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from shared.config import Settings

logger = logging.getLogger(__name__)

_security = HTTPBearer(auto_error=False)
_settings = Settings()


async def verify_token(
    credentials: HTTPAuthorizationCredentials | None = Depends(_security),
) -> None:
    """Verify Bearer token. Skip auth if API_AUTH_TOKEN is not configured."""
    token = _settings.api_auth_token.get_secret_value()
    if not token:
        return  # Auth disabled in dev mode

    if credentials is None or credentials.credentials != token:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid or missing authentication token",
            headers={"WWW-Authenticate": "Bearer"},
        )