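package middleware

import (
	"net/http"

	"soul-api/internal/auth"
	"soul-api/internal/config"

	"github.com/gin-gonic/gin"
)

// AdminAuth returns the gin middleware that guards admin endpoints.
//
// The admin JWT is taken from the request by auth.GetAdminJWTFromRequest
// (Authorization: Bearer header or the admin_session cookie) and validated
// with auth.ParseAdminJWT against cfg.AdminSessionSecret. A request whose
// token does not validate is aborted with 401.
//
// The middleware fails closed: when the configuration has not been loaded
// there is no secret to validate against, so the request is aborted with 503
// instead of being passed on unauthenticated.
func AdminAuth() gin.HandlerFunc {
	return func(c *gin.Context) {
		cfg := config.Get()
		if cfg == nil {
			// Calling c.Next() here would let every request reach the admin
			// handlers without any credential check.
			c.AbortWithStatusJSON(http.StatusServiceUnavailable, gin.H{"success": false, "error": "服务配置未加载"})
			return
		}

		// NOTE(review): confirm that ParseAdminJWT rejects an empty
		// AdminSessionSecret; a token verified against an empty key gives no
		// assurance about who issued it.
		token := auth.GetAdminJWTFromRequest(c.Request)
		// The parsed claims are discarded; only the validity flag gates access.
		if _, ok := auth.ParseAdminJWT(token, cfg.AdminSessionSecret); !ok {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"success": false, "error": "未授权访问,请先登录"})
			return
		}

		c.Next()
	}
}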