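from pathlib import Path

from fastapi import APIRouter, HTTPException, Query
from fastapi.responses import FileResponse
from jose import JWTError, jwt

# NOTE(review): SECRET_KEY and ALGORITHM are used below but are not defined or
# imported anywhere in this listing; they must come from the application's
# configuration. Confirm ALGORITHM is a single fixed value, never taken from
# the token header.

# Directory the endpoint serves from, relative to the process working directory.
_FILES_DIR = Path("files")

router = APIRouter(prefix="/view")


@router.get("/{file_id}/{filename}")
def visualizar_arquivo(file_id: str, filename: str, token: str = Query(...)):
    """Validate the access token and return the requested PDF if authorized.

    The token must be a JWT signed with SECRET_KEY whose ``sub`` claim equals
    ``file_id`` and whose ``filename`` claim equals ``filename``.

    Args:
        file_id: Identifier from the URL path; only compared with the ``sub``
            claim, it is not used to locate the file on disk.
        filename: File name from the URL path; must be a plain file name
            inside the served directory.
        token: JWT passed as the ``token`` query parameter.

    Returns:
        A ``FileResponse`` streaming the file as ``application/pdf``.

    Raises:
        HTTPException: 401 if the token fails signature or claim validation,
            403 if its claims do not match the requested path, 404 if the
            file name is not a plain name or the file does not exist.
    """
    # NOTE(review): the token travels in the query string, so it can end up in
    # access logs, browser history and Referer headers; keep its lifetime short.
    # NOTE(review): jwt.decode checks `exp` only when the claim is present;
    # confirm that the issuer always sets it.
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
    except JWTError:
        raise HTTPException(
            status_code=401, detail="Token expirado ou inválido."
        ) from None

    # .get() instead of indexing: a validly signed token that lacks a claim is
    # rejected with 403 rather than surfacing a KeyError as a 500.
    if payload.get("sub") != file_id or payload.get("filename") != filename:
        raise HTTPException(status_code=403, detail="Token inválido.")

    # Defense in depth: accept only a bare file name so the resolved path can
    # never leave _FILES_DIR, even if the route or the token issuer changes.
    if filename in {"", ".", ".."} or Path(filename).name != filename:
        raise HTTPException(status_code=404, detail="Arquivo não encontrado.")

    file_path = _FILES_DIR / filename

    # FileResponse does not open the file when it is constructed, so a missing
    # file would never reach an `except FileNotFoundError` here and would fail
    # later while the response is being sent. Check explicitly to return 404.
    if not file_path.is_file():
        raise HTTPException(status_code=404, detail="Arquivo não encontrado.")

    return FileResponse(str(file_path), media_type="application/pdf")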