// src/middleware/auth.middleware.js
const jwt = require("jsonwebtoken");
const config = require("../config/config");
const { User, Role } = require("../models");

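/**
 * Flattens a user's role permissions into one lookup map.
 *
 * A permission is granted when ANY role grants it (`||`), so a `false` in one
 * role never revokes a `true` from another. `basic:view` is granted to every
 * authenticated user regardless of roles.
 *
 * @param {Array<{permissions?: object}>|undefined} roles - loaded Role rows
 * @returns {Object<string, boolean>} permission name -> granted
 */
const collectPermissions = (roles) => {
  const permissions = {
    "basic:view": true, // granted to everyone who authenticates
  };

  for (const role of roles || []) {
    if (!role.permissions) continue;
    for (const [key, value] of Object.entries(role.permissions)) {
      // `role.permissions` comes from the database. A stored `__proto__` key
      // would swap the prototype of the map every downstream check reads,
      // so it is never copied.
      if (key === "__proto__") continue;
      permissions[key] = permissions[key] || value;
    }
  }

  return permissions;
};

/**
 * Builds the object attached as `req.user`: the user row as plain JSON with
 * the raw `Roles` association replaced by the flattened `permissions` map.
 *
 * `password` is already excluded by the query that loaded `user`.
 * NOTE(review): every other User column still ends up on req.user (and in
 * anything that serialises it) — confirm nothing else on the model is secret.
 *
 * @param {object} user - Sequelize-style model instance with `toJSON()` and `Roles`
 * @returns {object}
 */
const toSessionUser = (user) => {
  const userData = user.toJSON();
  delete userData.Roles;
  userData.permissions = collectPermissions(user.Roles);
  return userData;
};

/**
 * Authenticates a request from an `Authorization: Bearer <jwt>` header.
 *
 * On success `req.user` is set (see `toSessionUser`) and `next()` is called.
 * Responds 401 when the header is missing or not a Bearer scheme, the token
 * fails verification (bad signature, expired, not yet valid, malformed), the
 * payload carries no usable `id`, or the user is missing or inactive.
 *
 * Any other failure (typically a database error) is forwarded with
 * `next(error)` so it surfaces as a server error instead of being reported
 * to the client — and to monitoring — as a bad token.
 *
 * @param {object} req - request; reads `req.headers.authorization`, writes `req.user`
 * @param {object} res - response with chainable `status()` / `json()`
 * @param {Function} next
 */
const authMiddleware = async (req, res, next) => {
  const authHeader = req.headers.authorization;
  if (!authHeader || !authHeader.startsWith("Bearer ")) {
    return res
      .status(401)
      .json({ message: "Authentication token is required" });
  }
  const token = authHeader.slice("Bearer ".length).trim();

  let decoded;
  try {
    // NOTE(review): no `algorithms` option is passed, so jsonwebtoken accepts
    // every algorithm valid for the key type of config.jwt.secret. Pin it to
    // the algorithm the signer actually uses once that is confirmed.
    decoded = jwt.verify(token, config.jwt.secret);
  } catch (error) {
    // TokenExpiredError and NotBeforeError both extend JsonWebTokenError.
    if (error instanceof jwt.JsonWebTokenError) {
      return res.status(401).json({ message: "Invalid token" });
    }
    return next(error);
  }

  // Only a payload that names a user may proceed. A token signed with the same
  // secret for some other purpose, or with a string payload, must not reach
  // `findOne` with an undefined `id` (which some ORM versions treat as
  // "no filter" rather than rejecting).
  const userId =
    decoded && typeof decoded === "object" ? decoded.id : undefined;
  const usableId =
    typeof userId === "number" ||
    (typeof userId === "string" && userId.length > 0);
  if (!usableId) {
    return res.status(401).json({ message: "Invalid token" });
  }

  let user;
  try {
    user = await User.findOne({
      where: { id: userId },
      include: [
        {
          model: Role,
          through: { attributes: [] },
          attributes: ["id", "name", "permissions"],
          required: false, // a user with no roles is still a valid user
        },
      ],
      attributes: {
        exclude: ["password"],
      },
    });
  } catch (error) {
    return next(error);
  }

  if (!user || !user.isActive) {
    return res.status(401).json({ message: "User not found or inactive" });
  }

  req.user = toSessionUser(user);
  // Called outside any try block so an error thrown downstream is not
  // re-reported through this middleware.
  return next();
};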

// The middleware function is the module's only export.
module.exports = authMiddleware;