"""AWS Lambda Image Processor - Security Hardened"""
import os
from image_processor import (
    validate_image, determine_processing, process_image,
    save_image, get_processed_key, build_result
)
from storage import write_metadata, upload_processed, get_object
from notifications import send_notification

BUCKET = os.environ.get('S3_BUCKET', '')
TABLE = os.environ['DYNAMODB_TABLE']
TOPIC = os.environ['SNS_TOPIC_ARN']
ENV = os.environ.get('ENVIRONMENT', 'prod')


def lambda_handler(event: dict, context) -> dict:
    """Main Lambda handler for image processing"""
    for r in event.get('Records', []):
        bucket = r['s3']['bucket']['name']
        key = r['s3']['object']['key']
        
        if not key.startswith('uploads/'):
            continue
        
        try:
            filename = os.path.basename(key)
            
            # Get and validate image
            img_data, size = get_object(bucket, key)
            img, img_hash = validate_image(img_data)
            
            # Process image
            target, ptype = determine_processing(filename)
            img = process_image(img, target, ptype)
            
            # Save and upload
            output_data, content_type = save_image(img, img.format)
            processed_key = get_processed_key(key)
            upload_processed(bucket, processed_key, output_data, content_type,
                           {'original_hash': img_hash, 'processed_by': 'image-processor'})
            
            # Build result and store metadata
            result = build_result(key, processed_key, img.size, img, ptype, img_hash)
            write_metadata(filename, os.path.basename(processed_key), result)
            
            send_notification(filename, result, 'success')
            
        except Exception as e:
            send_notification(key, {'error': str(e)}, 'error')
            raise
    
    return {'statusCode': 200}