package auth

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"

	"git.x2erp.com/qdy/go-base/config"
)

func AuthMiddleware() gin.HandlerFunc {
	return func(c *gin.Context) {
		// 从 Header 中获取 token
		authHeader := c.GetHeader("Authorization")
		if authHeader == "" {
			c.JSON(http.StatusUnauthorized, gin.H{
				"success": false,
				"error":   "Authorization header is required",
			})
			c.Abort()
			return
		}

		// 检查 Bearer token 格式
		parts := strings.Split(authHeader, " ")
		if len(parts) != 2 || parts[0] != "Bearer" {
			c.JSON(http.StatusUnauthorized, gin.H{
				"success": false,
				"error":   "Authorization header format must be Bearer {token}",
			})
			c.Abort()
			return
		}

		tokenString := parts[1]
		configTokenString := config.GetConfig().GetAuth().Token

		// 比较 token 是否相等
		if tokenString != configTokenString {
			c.JSON(http.StatusUnauthorized, gin.H{
				"success": false,
				"error":   "Invalid token",
			})
			c.Abort()
			return
		}

		// Token 验证通过，可以存储一些上下文信息
		c.Set("authenticated", true)
		c.Set("authType", "token")

		c.Next()
	}
}