package middleware

import (
	"git.echol.cn/loser/ai_proxy/server/global"
	"git.echol.cn/loser/ai_proxy/server/model/common/response"
	"git.echol.cn/loser/ai_proxy/server/utils"
	"github.com/gin-gonic/gin"
)

// AppJWTAuth 前台用户 JWT 认证中间件
func AppJWTAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		token := c.GetHeader("Authorization")
		if token == "" {
			token = c.GetHeader("x-token")
		}

		if token == "" {
			response.FailWithDetailed(gin.H{"reload": true}, "未登录或非法访问", c)
			c.Abort()
			return
		}

		// 移除 Bearer 前缀
		if len(token) > 7 && token[:7] == "Bearer " {
			token = token[7:]
		}

		// 解析 token
		claims, err := utils.ParseAppToken(token)
		if err != nil {
			global.GVA_LOG.Error("解析 App Token 失败: " + err.Error())
			response.FailWithDetailed(gin.H{"reload": true}, "授权已过期或无效", c)
			c.Abort()
			return
		}

		// 将用户信息存入上下文
		c.Set("appClaims", claims)
		c.Set("userId", claims.UserID)
		c.Set("username", claims.Username)
		c.Next()
	}
}