package middleware

import (
	"log"
	"strings"

	"llm-proxy/internal/db"
	"llm-proxy/internal/models"

	"github.com/gin-gonic/gin"
)

func AuthMiddleware(database *db.DB) gin.HandlerFunc {
	return func(c *gin.Context) {
		authHeader := c.GetHeader("Authorization")
		if authHeader == "" {
			c.Next()
			return
		}

		token := strings.TrimPrefix(authHeader, "Bearer ")
		if token == authHeader { // No "Bearer " prefix
			c.Next()
			return
		}

		// Try to resolve client from database
		var clientID string
		err := database.Get(&clientID, "UPDATE client_tokens SET last_used_at = CURRENT_TIMESTAMP WHERE token = ? AND is_active = 1 RETURNING client_id", token)
		
		if err == nil {
			c.Set("auth", models.AuthInfo{
				Token:    token,
				ClientID: clientID,
			})
		} else {
			// Fallback to token-prefix derivation (matches Rust behavior)
			prefixLen := len(token)
			if prefixLen > 8 {
				prefixLen = 8
			}
			clientID = "client_" + token[:prefixLen]
			c.Set("auth", models.AuthInfo{
				Token:    token,
				ClientID: clientID,
			})
			log.Printf("Token not found in DB, using fallback client ID: %s", clientID)
		}

		c.Next()
	}
}