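from functools import wraps

from django.contrib.auth.models import AnonymousUser
from django.http import HttpResponseForbidden
from django.views.decorators.csrf import csrf_exempt, csrf_protect
from rest_framework.authtoken.models import Token


def _token_grants_access(key):
    """Return True when ``key`` names an existing ``Token`` whose user is active.

    A falsy key (``None``, ``""``) is treated as "no token" and returns False
    instead of hitting the database. An unknown key is also False; the only
    exception swallowed is ``Token.DoesNotExist``.
    """
    if not key:
        return False
    try:
        # select_related avoids a second query for token_obj.user below.
        token_obj = Token.objects.select_related('user').get(key=key)
    except Token.DoesNotExist:
        return False
    return token_obj.user.is_active


def swagger_auth_required(view_func):
    """Allow the view only to staff users or to holders of a valid auth token.

    Access is granted, in this order, when:

    1. ``request.user`` is authenticated and ``is_staff``;
    2. ``request.session['swagger_token']`` is the key of a ``Token`` whose
       user is active;
    3. the ``Authorization`` header is exactly ``Token <key>`` and ``<key>``
       is the key of a ``Token`` whose user is active.

    Otherwise a 403 ``HttpResponseForbidden`` is returned.

    CSRF handling: the wrapper is ``csrf_exempt`` so that API clients
    authenticating with an ``Authorization`` header (which a browser never
    attaches on its own, so there is no cross-site exposure) are not rejected
    by ``CsrfViewMiddleware``. Paths 1 and 2 are authorised by *ambient*
    session state that a browser does send automatically, so those requests
    are re-checked with ``csrf_protect`` before the view runs. ``csrf_protect``
    only enforces on unsafe methods (POST/PUT/PATCH/DELETE); GET/HEAD/OPTIONS
    behave as before. Session-authenticated clients issuing unsafe requests
    must therefore supply the usual Django CSRF token.
    """
    # Built once at decoration time; enforces the CSRF check and then calls
    # view_func. A view_func that is itself marked csrf_exempt is still
    # honoured by CsrfViewMiddleware.process_view.
    session_protected_view = csrf_protect(view_func)

    @csrf_exempt
    @wraps(view_func)
    def _wrapped_view(request, *args, **kwargs):
        user = getattr(request, 'user', None)

        # 1. Logged-in staff member (session-based -> CSRF-protected).
        if user is not None and user.is_authenticated and user.is_staff:
            return session_protected_view(request, *args, **kwargs)

        # 2. Token stored in the session (session-based -> CSRF-protected).
        if _token_grants_access(request.session.get('swagger_token')):
            return session_protected_view(request, *args, **kwargs)

        # 3. Explicit "Token <key>" header. A header with extra or missing
        #    parts (e.g. "Token", "Token a b") is rejected outright rather
        #    than looked up with a guessed key.
        parts = request.META.get('HTTP_AUTHORIZATION', '').split()
        if len(parts) == 2 and parts[0] == 'Token' and _token_grants_access(parts[1]):
            return view_func(request, *args, **kwargs)

        return HttpResponseForbidden("Access denied. Admin authentication or valid token required.")

    return _wrapped_view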