use crate::{errors::ApiError, state::AppState, utils::jwt::verify_access_token};
use axum::{
    extract::{Request, State},
    middleware::Next,
    response::Response,
};
pub async fn auth_middleware(
    State(state): State<AppState>,
    mut request: Request,
    next: Next,
) -> Result<Response, ApiError> {
    let auth_header = request
        .headers()
        .get(axum::http::header::AUTHORIZATION)
        .and_then(|h| h.to_str().ok())
        .ok_or(ApiError::Unauthorized)?;
    if !auth_header.starts_with("Bearer ") {
        return Err(ApiError::Unauthorized);
    }
    let token = &auth_header[7..];
    let claims = verify_access_token(token, &state.jwt_secret)?;
    // Inject the user ID into extensions for downstream handlers
    request.extensions_mut().insert(claims.sub);
    Ok(next.run(request).await)
}