"""JWT authentication helpers."""

from __future__ import annotations

from typing import Any

import jwt
from fastapi import Request

from fastapi_admin.config import JWT_SECRET_KEY, JWT_ALGORITHM


def verify_access_token(RequestObj: Request) -> dict[str, Any]:
    """Verify the JWT access token carried by a request and return its payload.

    The token is read from the ``Authorization`` header, which must start with
    the exact, case-sensitive prefix ``"Bearer "``. The signature is checked
    with ``JWT_SECRET_KEY``, and ``JWT_ALGORITHM`` is the only algorithm
    accepted.

    Args:
        RequestObj: Incoming FastAPI request whose headers are inspected.

    Returns:
        The decoded claims on success. An empty dict when the header is
        missing, does not use the ``Bearer`` scheme, or the token fails any
        PyJWT check (bad signature, malformed token, expired ``exp``, ...).

    Failure is reported as an empty dict rather than an exception, so every
    caller has to treat an empty payload as "not authenticated"; a caller
    that skips that check lets the request through.
    """
    header_value = RequestObj.headers.get("Authorization", "")
    if not header_value.startswith("Bearer "):
        return {}

    # Drop the scheme prefix; surrounding whitespace is not part of the token.
    raw_token = header_value[len("Bearer "):].strip()

    try:
        # The allowed-algorithm list is pinned from configuration, so the
        # token's own header cannot select the verification algorithm.
        # NOTE(review): no claims are required here. PyJWT validates `exp`
        # only when the claim is present, so a token issued without it would
        # not expire. Confirm the issuer always sets `exp`, or require it
        # via options={"require": ["exp"]}.
        # NOTE(review): `aud`/`iss` are not checked and nothing here tells an
        # access token apart from any other token signed with the same key.
        # Confirm the key is not shared with other token types or services.
        claims = jwt.decode(raw_token, JWT_SECRET_KEY, algorithms=[JWT_ALGORITHM])
    except jwt.PyJWTError:
        # Every PyJWT failure collapses to the same empty result, so the
        # caller learns nothing about why the token was rejected.
        return {}
    return claims