from functools import wraps

from flask import g, session, redirect, url_for, request, jsonify

from app.db import query_one


def login_required(f):
    """Wrap a view so it only runs when the session carries a ``user_id``.

    Requests whose session has no ``"user_id"`` key are redirected to the
    ``auth.login`` endpoint, with the originally requested URL passed along
    as the ``next`` query parameter. Only the presence of the key is checked;
    the user row is not looked up here.
    """

    @wraps(f)
    def require_session(*args, **kwargs):
        if "user_id" in session:
            return f(*args, **kwargs)
        # NOTE(review): ``next`` carries the full request URL, and a ``next``
        # value in a login link can be chosen by anyone. The login view that
        # consumes it is not visible here; confirm it only redirects to
        # same-site targets.
        login_url = url_for("auth.login", next=request.url)
        return redirect(login_url)

    return require_session


def get_current_user():
    """Return the users row for the session's ``user_id``, or None.

    The lookup result is stored on ``g.current_user`` and reused by later
    calls. When the session has no ``user_id`` nothing is cached and None is
    returned.
    """
    if "current_user" not in g:
        uid = session.get("user_id")
        if uid is None:
            return None
        # Parameterized query: the id is bound, never interpolated.
        # NOTE(review): SELECT * returns every column of the row; if the
        # users table holds credential material (not visible here), callers
        # should not serialise this object wholesale.
        g.current_user = query_one("SELECT * FROM users WHERE id = %s", (uid,))
    return g.current_user


def privacy_guard(f):
    """Hide private users' data from everyone except the user themselves.

    Intended for API endpoints whose first parameter is ``user_id``. When the
    requested id differs from the session's ``user_id`` and the target row has
    a truthy ``is_private``, an empty JSON object is returned and the wrapped
    view is not called. In every other case (same user, public user, or no
    matching row) the view runs normally.

    This decorator does not require a login by itself: a request with no
    session ``user_id`` still reaches the view for non-private targets.
    """

    @wraps(f)
    def guard_private_profile(user_id, *args, **kwargs):
        # NOTE(review): this comparison is type-sensitive. If the route hands
        # over ``user_id`` as a string while the session stores an int, the
        # owner is treated as a stranger (fails closed) -- confirm the route
        # converter and the stored session type agree.
        if user_id != session.get("user_id"):
            profile = query_one(
                "SELECT is_private FROM users WHERE id = %s", (user_id,)
            )
            hidden = profile["is_private"] if profile else False
            if hidden:
                return jsonify({})
        return f(user_id, *args, **kwargs)

    return guard_private_profile