<?php

namespace App\Middleware;

use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface as RequestHandler;
use App\Services\AuthService;

class ApiAuthMiddleware implements MiddlewareInterface
{
    private AuthService $authService;
    private array $publicRoutes = [
        '/api/auth/check',
        '/api/auth/login',
        '/api/auth/register',
        '/api/status'
    ];

    public function __construct(AuthService $authService)
    {
        $this->authService = $authService;
    }

    public function process(Request $request, RequestHandler $handler): Response
    {
        $path = $request->getUri()->getPath();
        
        // Skip authentication for public routes
        if (in_array($path, $this->publicRoutes)) {
            return $handler->handle($request);
        }
        
        // Get token from Authorization header
        $authHeader = $request->getHeaderLine('Authorization');
        if (empty($authHeader) || !preg_match('/Bearer\s(\S+)/', $authHeader, $matches)) {
            return $this->createErrorResponse(401, 'Missing or invalid authorization token');
        }
        
        $token = $matches[1];
        
        try {
            // Verify token and get user
            $user = $this->authService->verifyToken($token);
            if (!$user) {
                return $this->createErrorResponse(401, 'Invalid or expired token');
            }
            
            // Add user to request attributes for use in controllers
            $request = $request->withAttribute('user', $user);
            
            return $handler->handle($request);
            
        } catch (\Exception $e) {
            return $this->createErrorResponse(500, 'Authentication error');
        }
    }
    
    private function createErrorResponse(int $status, string $message): Response
    {
        $response = new \Slim\Psr7\Response($status);
        $response->getBody()->write(json_encode([
            'success' => false,
            'error' => [
                'code' => $status,
                'message' => $message
            ]
        ]));
        
        return $response->withHeader('Content-Type', 'application/json');
    }
}