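import { Request, Response, NextFunction } from 'express';
import { verifyAccessToken, AuthContext } from '../services/jwt.service';
import { logger } from '../lib/logger';

// Augment Express's Request type so handlers that run after authMiddleware
// can read the verified auth context from `req.auth`.
declare global {
  namespace Express {
    interface Request {
      auth?: AuthContext;
    }
  }
}

/**
 * Reads the access token from the request.
 *
 * The `access_token` cookie is checked first; the `Authorization: Bearer`
 * header is the fallback.
 *
 * Security note: browsers attach cookies automatically, so any state-changing
 * route that accepts the cookie path needs CSRF protection (SameSite cookie
 * attributes or a CSRF token). Nothing in this file provides it, so it must be
 * enforced elsewhere.
 *
 * @param req - Incoming Express request.
 * @returns The raw token string, or `null` when no usable token is present.
 */
function extractToken(req: Request): string | null {
  // `req.cookies` is loosely typed and only exists if a cookie-parsing
  // middleware ran earlier; accept the value only when it really is a
  // non-empty string so an object-valued cookie never reaches the verifier.
  const cookie: unknown = req.cookies?.access_token;
  if (typeof cookie === 'string' && cookie.length > 0) return cookie;

  const header = req.headers.authorization;
  if (typeof header === 'string') {
    // Split on any run of whitespace so "Bearer   <token>" is still accepted.
    const [scheme, token] = header.trim().split(/\s+/);
    if (scheme?.toLowerCase() === 'bearer' && token) return token;
  }

  return null;
}

/**
 * Turns whatever the token verifier threw into a safe HTTP status and message.
 *
 * A thrown value is not guaranteed to be an Error, so both fields are
 * validated before use. The status is honoured only when it is an integer in
 * the 4xx/5xx range; anything else falls back to 401.
 *
 * @param err - The value caught from the verification call.
 * @returns The status code and message to log and send.
 */
function describeAuthFailure(err: unknown): { status: number; message: string } {
  let status = 401;
  let message = 'Invalid token';

  if (typeof err === 'object' && err !== null) {
    const candidate = err as { status?: unknown; message?: unknown };
    const { status: rawStatus, message: rawMessage } = candidate;

    if (
      typeof rawStatus === 'number' &&
      Number.isInteger(rawStatus) &&
      rawStatus >= 400 &&
      rawStatus <= 599
    ) {
      status = rawStatus;
    }
    if (typeof rawMessage === 'string' && rawMessage.length > 0) {
      message = rawMessage;
    }
  }

  return { status, message };
}

/**
 * Express middleware that authenticates a request from its access token.
 *
 * On success the verified context is stored on `req.auth` and `next()` is
 * called. When the token is missing, the response is 401 "Not authenticated".
 * When verification throws, the response carries the error's status (401 by
 * default) and its message ("Invalid token" by default).
 *
 * @param req - Incoming request; `req.auth` is set on success.
 * @param res - Response used to send the 401/error JSON body.
 * @param next - Continues the middleware chain after successful verification.
 */
export async function authMiddleware(
  req: Request,
  res: Response,
  next: NextFunction,
): Promise<void> {
  const token = extractToken(req);
  if (!token) {
    res.status(401).json({ success: false, error: 'Not authenticated' });
    return;
  }

  try {
    req.auth = await verifyAccessToken(token);
    next();
  } catch (err: unknown) {
    // Narrow the thrown value first: reading `.message` off a non-object would
    // throw inside this async handler and leave the request unanswered.
    const { status, message } = describeAuthFailure(err);
    logger.warn(`Auth failed: ${message}`);
    // NOTE(review): the verifier's message is echoed to the client as before.
    // Confirm verifyAccessToken only throws client-safe messages; otherwise
    // return a fixed string here and keep the detail in the log.
    res.status(status).json({ success: false, error: message });
  }
}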