"""Manage API key validation for FastAPI routes."""

from fastapi import Depends, HTTPException, status
from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer

from gso.settings import load_oss_params

security = HTTPBearer()


async def get_api_key(
    credentials: HTTPAuthorizationCredentials = Depends(security),  # noqa: B008
) -> str:
    """Validate the provided API key against known third-party keys and returns it if valid, else raises HTTP 403."""
    settings = load_oss_params()
    api_key = credentials.credentials

    # TODO: This is a simulated database of API keys which should be replace with a real one
    if api_key in settings.THIRD_PARTY_API_KEYS.values():
        return api_key

    raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Invalid API Key")