import { Request, Response, NextFunction } from 'express';
import { firebaseService } from '../services/firebaseService';

declare global {
  namespace Express {
    interface Request {
      user?: {
        uid: string;
        role: string;
        email: string;
        name: string;
      };
    }
  }
}

export const authenticate = async (
  req: Request,
  res: Response,
  next: NextFunction
) => {
  try {
    const authHeader = req.headers.authorization;
    if (!authHeader?.startsWith('Bearer ')) {
      return res.status(401).json({ error: 'No token provided' });
    }

    const token = authHeader.split('Bearer ')[1];
    const decodedToken = await firebaseService.auth.verifyIdToken(token);
    const userRole = await firebaseService.getUserRole(decodedToken.uid);

    if (!userRole) {
      return res.status(403).json({ error: 'User not found' });
    }

    req.user = {
      uid: decodedToken.uid,
      role: userRole.role,
      email: userRole.email,
      name: userRole.name,
    };

    next();
  } catch (error) {
    console.error('Auth error:', error);
    res.status(401).json({ error: 'Invalid token' });
  }
};

export const requireRole = (roles: string[]) => {
  return (req: Request, res: Response, next: NextFunction) => {
    if (!req.user) {
      return res.status(401).json({ error: 'Authentication required' });
    }

    if (!roles.includes(req.user.role)) {
      return res.status(403).json({ error: 'Insufficient permissions' });
    }

    next();
  };
};