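package middleware

import (
	"log"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	"gophergate/internal/db"
	"gophergate/internal/models"
)

// bearerPrefix is the scheme prefix expected in the Authorization header.
// The match is case-sensitive, as in the original implementation.
const bearerPrefix = "Bearer "

// AuthMiddleware returns a gin handler that resolves a bearer token to a
// client ID using the client_tokens table.
//
// Behaviour:
//   - No Authorization header, or a header without the "Bearer " prefix: the
//     request continues WITHOUT an "auth" value in the context. This
//     middleware does not reject such requests by itself, so any handler that
//     requires authentication must check for the "auth" key and fail closed
//     when it is absent.
//   - Bearer token that matches an active row: last_used_at is updated, a
//     models.AuthInfo is stored under the "auth" key, and the request
//     continues.
//   - Any lookup error (no matching active row, or a database failure): the
//     request is aborted with 401 and a generic JSON error body.
//
// NOTE(review): the query compares the presented token with the stored column
// directly, which suggests tokens are kept in cleartext in client_tokens.
// Consider storing only a hash of the token; confirm against the schema.
func AuthMiddleware(database *db.DB) gin.HandlerFunc {
	return func(c *gin.Context) {
		authHeader := c.GetHeader("Authorization")

		// Absent header or a non-Bearer scheme: pass through unauthenticated.
		if authHeader == "" || !strings.HasPrefix(authHeader, bearerPrefix) {
			c.Next()
			return
		}
		token := strings.TrimPrefix(authHeader, bearerPrefix)

		// A single statement both validates the token and records its use.
		// The token is passed as a bound parameter, never concatenated into
		// the SQL text.
		var clientID string
		err := database.Get(&clientID, "UPDATE client_tokens SET last_used_at = CURRENT_TIMESTAMP WHERE token = ? AND is_active = 1 RETURNING client_id", token)
		if err != nil {
			// Never write the presented token to the log: this branch is also
			// taken when the lookup itself fails, so a valid credential could
			// otherwise end up in log storage. Log the error only.
			log.Printf("auth: bearer token rejected (no active match or lookup failed): %v", err)
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid or inactive token"})
			return
		}

		c.Set("auth", models.AuthInfo{
			Token:    token,
			ClientID: clientID,
		})
		c.Next()
	}
}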