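import jwt from "jsonwebtoken";
import { JWT_SECRET } from "../lib/config.js";
import { getUserById } from "../lib/userService.js";

// Signing algorithms accepted by requireAuth. A string secret implies HMAC, so
// listing the HS family explicitly matches what jsonwebtoken infers on its own,
// but makes the restriction visible at the call site. Narrow this to the single
// algorithm the issuer actually uses — TODO confirm against the token-signing code.
const ALLOWED_ALGORITHMS = Object.freeze(["HS256", "HS384", "HS512"]);

// RFC 6750: the "Bearer" scheme name is case-insensitive and may be followed by
// one or more spaces before the credential; trailing whitespace is ignored.
const BEARER_RE = /^Bearer\s+(.+?)\s*$/i;

/**
 * Extracts the bearer credential from an Authorization header value.
 *
 * @param {string | undefined} authHeader - Raw Authorization header value, if any.
 * @returns {string | null} The credential, or null when the header is absent or
 *   does not carry a bearer credential.
 */
function extractBearerToken(authHeader) {
  const match = BEARER_RE.exec(authHeader ?? "");
  return match ? match[1] : null;
}

/**
 * Express middleware that authenticates the request from a bearer JWT.
 *
 * On success sets `req.user` (the record returned by getUserById) and
 * `req.token` (the raw credential) and calls `next()`.
 *
 * Responds 401 when the credential is missing, fails signature/expiry
 * verification, carries no `sub` claim, or resolves to no user. Errors that are
 * not JWT verification failures (for example a failing user store) are passed to
 * `next(error)` so they surface as server errors instead of being reported to
 * the client as an invalid token.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
export async function requireAuth(req, res, next) {
  const token = extractBearerToken(req.headers.authorization);
  if (token === null) {
    return res.status(401).json({ error: "Inloggen vereist." });
  }

  let payload;
  try {
    payload = jwt.verify(token, JWT_SECRET, { algorithms: ALLOWED_ALGORITHMS });
  } catch (error) {
    // TokenExpiredError and NotBeforeError both extend JsonWebTokenError.
    if (error instanceof jwt.JsonWebTokenError) {
      return res.status(401).json({ error: "Ongeldige of verlopen token." });
    }
    return next(error);
  }

  // A token signed over a string payload has no claims at all; treat it like a
  // bad token rather than looking up `undefined`.
  const subject =
    typeof payload === "object" && payload !== null ? payload.sub : undefined;
  if (subject == null) {
    return res.status(401).json({ error: "Ongeldige of verlopen token." });
  }

  let user;
  try {
    user = await getUserById(subject);
  } catch (error) {
    // A failing user store is a server fault, not an authentication failure.
    return next(error);
  }
  if (!user) {
    return res.status(401).json({ error: "Gebruiker niet gevonden." });
  }

  req.user = user;
  req.token = token;
  // Invoked outside the try blocks so a throw further down the chain is not
  // misreported as a 401 after a response may already have been started.
  return next();
}

/**
 * Express middleware that requires an already-authenticated admin user.
 *
 * Must run after requireAuth (or anything else that populates `req.user`).
 * Responds 401 when no user is attached to the request and 403 when the user
 * is not flagged as an administrator.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
export function requireAdmin(req, res, next) {
  if (!req.user) {
    return res.status(401).json({ error: "Inloggen vereist." });
  }
  // Truthiness check kept from the original: the user store's `isAdmin` shape
  // (boolean vs. 0/1) is not visible here — TODO confirm and tighten to `=== true`
  // if it is a boolean.
  if (!req.user.isAdmin) {
    return res.status(403).json({ error: "Administratorrechten vereist." });
  }
  return next();
}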