package auth

import (
	"context"

	"gitea.loveuer.com/loveuer/cluster/pkg/resp"
	"github.com/gofiber/fiber/v3"
	"github.com/golang-jwt/jwt/v5"
)

func GetCurrentUser(ctx context.Context) fiber.Handler {
	return func(c fiber.Ctx) error {
		authHeader := c.Get("Authorization")
		if authHeader == "" {
			return resp.R401(c, "MISSING_TOKEN", nil, "authorization token is required")
		}

		tokenString := authHeader
		if len(authHeader) > 7 && authHeader[:7] == "Bearer " {
			tokenString = authHeader[7:]
		}

		token, err := jwt.ParseWithClaims(tokenString, &Claims{}, func(token *jwt.Token) (interface{}, error) {
			return []byte(JWTSecret), nil
		})

		if err != nil || !token.Valid {
			return resp.R401(c, "INVALID_TOKEN", nil, "invalid or expired token")
		}

		claims, ok := token.Claims.(*Claims)
		if !ok {
			return resp.R401(c, "INVALID_CLAIMS", nil, "invalid token claims")
		}

		return resp.R200(c, map[string]interface{}{
			"user_id":  claims.UserID,
			"username": claims.Username,
			"role":     claims.Role,
		})
	}
}