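// Package middleware holds the Fiber handlers that authenticate requests with
// a JWT bearer token and expose the token's claims to later handlers.
package middleware

import (
	"errors"
	"strings"

	"yuyue/utils"

	"github.com/gofiber/fiber/v2"
	"github.com/golang-jwt/jwt/v5"
)

// jwtSecret is defined in jwt.go.

// AuthMiddleware returns a handler that requires a valid JWT in the
// Authorization header. On success the "user_id", "username" and "role" claims
// are stored in the request locals under the same keys and the next handler
// runs; on any failure the request is answered through utils.Unauthorized.
func AuthMiddleware() fiber.Handler {
	return func(c *fiber.Ctx) error {
		authHeader := c.Get("Authorization")
		if authHeader == "" {
			return utils.Unauthorized(c, "缺少认证信息")
		}

		// Strip the scheme only where it belongs, at the start of the header.
		// strings.Replace would also remove a "Bearer " found in the middle of
		// the value. A header without the scheme is still parsed as a raw
		// token, as before.
		tokenString := strings.TrimPrefix(authHeader, "Bearer ")

		token, err := jwt.Parse(tokenString, func(token *jwt.Token) (any, error) {
			// Pin the algorithm family instead of trusting the token's own
			// "alg" header to select it.
			// NOTE(review): assumes jwtSecret is an HMAC key, as its name
			// suggests; confirm against the signing code in jwt.go.
			if _, ok := token.Method.(*jwt.SigningMethodHMAC); !ok {
				return nil, errors.New("unexpected signing method")
			}
			return jwtSecret, nil
		})
		if err != nil || !token.Valid {
			return utils.Unauthorized(c, "无效的认证令牌")
		}
		// NOTE(review): the parser checks "exp" only when the claim is
		// present. If every issued token carries one, consider passing
		// jwt.WithExpirationRequired() so a token without it is rejected.

		claims, ok := token.Claims.(jwt.MapClaims)
		if !ok {
			// Fail closed: never continue as authenticated without claims.
			return utils.Unauthorized(c, "无效的认证令牌")
		}
		c.Locals("user_id", claims["user_id"])
		c.Locals("username", claims["username"])
		c.Locals("role", claims["role"])

		return c.Next()
	}
}

// AdminMiddleware returns a handler that lets the request through only when
// the "role" local is the string "admin". It reads what AuthMiddleware stored,
// so it must be registered after it; if the local is missing the request is
// rejected.
//
// The role comes from the token's claims, so a role change takes effect only
// once the client presents a newly issued token.
//
// NOTE(review): an authenticated caller lacking the role is conventionally
// answered with 403 rather than 401. utils is not visible here, so the
// existing helper is kept.
func AdminMiddleware() fiber.Handler {
	return func(c *fiber.Ctx) error {
		if GetUserRole(c) != "admin" {
			return utils.Unauthorized(c, "需要管理员权限")
		}
		return c.Next()
	}
}

// GetUserID returns the authenticated user's ID from the request locals.
// It returns 0 when the local is absent, is not a JSON number, or is not a
// non-negative whole number that fits in a uint.
func GetUserID(c *fiber.Ctx) uint {
	id, ok := c.Locals("user_id").(float64)
	if !ok {
		return 0
	}

	// JSON numbers decode to float64. Converting a negative, NaN or
	// out-of-range float to uint gives an implementation-defined result, so
	// such values are rejected instead of becoming some other user's ID.
	const maxExactID = 1 << 53 // float64 represents every integer below this exactly
	if !(id >= 0 && id < maxExactID) {
		return 0
	}
	u := uint(id)
	if float64(u) != id {
		// Fractional value, or one that does not fit a 32-bit uint.
		return 0
	}
	return u
}

// GetUserRole returns the "role" local as a string, or "" when it is absent
// or not a string.
func GetUserRole(c *fiber.Ctx) string {
	role, _ := c.Locals("role").(string)
	return role
}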