import hashlib
import secrets
from typing import Optional

from fastapi import Header, HTTPException, status

from app.core.config import settings


def hash_password(password: str) -> str:
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify_password(password: str, expected_hash: str) -> bool:
    return hash_password(password) == expected_hash


def verify_access_password(password: str) -> bool:
    return secrets.compare_digest(password, settings.auth_password)


def verify_api_token(x_api_token: Optional[str] = Header(default=None)) -> None:
    if x_api_token != settings.auth_password:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="无效的访问令牌",
        )