package middleware

import (
	"strings"

	"wish-list-api/pkg/auth"

	"github.com/gofiber/fiber/v2"
	"github.com/golang-jwt/jwt/v5"
)

func Protected(authService auth.Service) fiber.Handler {
	return func(c *fiber.Ctx) error {
		authHeader := c.Get("Authorization")

		if authHeader == "" || !strings.HasPrefix(authHeader, "Bearer ") {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"status": false,
				"error":  "требуется авторизация",
			})
		}

		tokenString := strings.TrimPrefix(authHeader, "Bearer ")

		token, err := authService.ValidateToken(tokenString)
		if err != nil || !token.Valid {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"status": false,
				"error":  "недействительный токен",
			})
		}

		claims, ok := token.Claims.(jwt.MapClaims)
		if !ok {
			return c.Status(fiber.StatusUnauthorized).JSON(fiber.Map{
				"status": false,
				"error":  "недействительный токен",
			})
		}

		c.Locals("userID", claims["user_id"])
		c.Locals("email", claims["email"])

		return c.Next()
	}
}