import jwt
from connexion import ProblemException
from flask import request

def current_user_id() -> str:
    """Liest die User-UUID (sub) aus dem Bearer-JWT im Authorization-Header."""
    auth = request.headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        raise ProblemException(status=401, detail="Missing Bearer token")

    token = auth.split()[1]

    # ↓ Für Demo ohne Signaturprüfung – produktiv natürlich verifizieren!
    payload = jwt.decode(token, options={"verify_signature": False})
    return payload["sub"]