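package middlewares

import (
	"database/sql"
	"log"
	"net/http"
	"strings"

	"bssapp-backend/auth"
)

// AuthMiddleware wraps next with bearer-token authentication.
//
// For every request it reads the Authorization header, requires the
// "Bearer" scheme followed by a non-empty token, and passes the token to
// auth.ValidateToken. Any failure ends the request with 401 Unauthorized
// and next is never called. On success the claims are stored in the request
// context with auth.WithClaims and the request is forwarded to next.
//
// Every rejection returns the same generic body, so the response does not
// reveal which check failed.
//
// NOTE(review): db is accepted but never used in this function. If callers
// expect a database-backed check here (token revocation, disabled accounts),
// none is performed; confirm what auth.ValidateToken covers.
func AuthMiddleware(db *sql.DB, next http.Handler) http.Handler {
	// deny writes the uniform 401 response. WWW-Authenticate names the scheme
	// the client has to use, which a 401 is expected to carry (RFC 7235).
	deny := func(w http.ResponseWriter) {
		w.Header().Set("WWW-Authenticate", "Bearer")
		http.Error(w, "Unauthorized", http.StatusUnauthorized)
	}

	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		authHeader := r.Header.Get("Authorization")
		if authHeader == "" {
			deny(w)
			return
		}

		// Authentication scheme names are case-insensitive, so "bearer" and
		// "BEARER" are accepted as well as "Bearer".
		parts := strings.SplitN(authHeader, " ", 2)
		if len(parts) != 2 || !strings.EqualFold(parts[0], "Bearer") {
			deny(w)
			return
		}

		// Reject an empty credential here rather than relying on the
		// validator to refuse it.
		token := strings.TrimSpace(parts[1])
		if token == "" {
			deny(w)
			return
		}

		claims, err := auth.ValidateToken(token)
		if err != nil {
			deny(w)
			return
		}

		// This line is required: the validated claims reach next only
		// through the request context.
		ctx := auth.WithClaims(r.Context(), claims)

		// Only the claim ID and role code are logged; the raw token is
		// never written to the log.
		log.Printf("🔐 AUTH CTX SET user=%d role=%s", claims.ID, claims.RoleCode)

		next.ServeHTTP(w, r.WithContext(ctx))
	})
}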