const JWTService = require('../utils/jwt');
const { ErrorHandler } = require('../helpers/error');

function setUser(req, decoded) {
  req.user = {
    userId: decoded.user_id,
    fullname: decoded.user_fullname,
    username: decoded.user_name,
    email: decoded.user_email,
    roleId: decoded.role_id,
    roleName: decoded.role_name
  };
}

function verifyAccessToken(req, res, next) {
  try {
    let token = req.cookies?.accessToken;

    if (!token) {
      const authHeader = req.headers.authorization;
      if (!authHeader || !authHeader.startsWith('Bearer')) {
        throw new ErrorHandler(401, 'Access Token is required');
      }
      token = authHeader.split(' ')[1];
    }

    const decoded = JWTService.verifyToken(token);
    setUser(req, decoded);
    next();
  } catch (error) {
    if (error.name === 'TokenExpiredError' || error.name === 'JsonWebTokenError') {
      return next(new ErrorHandler(401, error.message));
    }
    next(new ErrorHandler(500, 'Authenticate verification failed'));
  }
}

function verifyRefreshToken(req, res, next) {
  try {
    const refreshToken = req.cookies?.refreshToken;

    if (!refreshToken) {
      throw new ErrorHandler(401, 'Refresh Token is required');
    }

    const decoded = JWTService.verifyRefreshToken(refreshToken);
    setUser(req, decoded);
    next();
  } catch (error) {
    next(new ErrorHandler(500, 'Refresh token verification failed'));
  }
}

module.exports = {
  verifyAccessToken,
  verifyRefreshToken,
};