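package handler

import (
	"authorization/internal"
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
	"github.com/sirupsen/logrus"
)

const (
	// authorizationHeader is the request header the token is read from.
	authorizationHeader = "Authorization"
	// roleKey is the gin context key under which the role returned by
	// ParseToken is stored for later handlers.
	roleKey = "user_role"
)

// checkAdminIdentity is a gin handler that admits a request only when the
// Authorization header carries a token that h.services.ParseToken accepts and
// whose role equals internal.Admin. On success the role is stored in the
// context under roleKey; on any failure an error response with
// http.StatusUnauthorized is written via newErrorResponse and the function
// returns without setting the role.
//
// NOTE(review): newErrorResponse is defined elsewhere; this handler relies on
// it to abort the gin handler chain (e.g. via c.AbortWithStatusJSON). If it
// only writes the response, later handlers would still run — confirm.
func (h *Handler) checkAdminIdentity(c *gin.Context) {
	header := c.GetHeader(authorizationHeader)
	if header == "" {
		newErrorResponse(c, http.StatusUnauthorized, "Пустой header авторизации")
		return
	}

	// Expect exactly "<scheme> <token>". An empty token (for example a header
	// that ends right after the separator) is rejected here instead of being
	// handed to the parser.
	// NOTE(review): the scheme in parts[0] is not validated, so any scheme is
	// accepted. If only "Bearer" is intended, compare it explicitly.
	parts := strings.Split(header, " ")
	if len(parts) != 2 || parts[1] == "" {
		newErrorResponse(c, http.StatusUnauthorized, "Невалидный токен JWT")
		return
	}

	userRole, err := h.services.ParseToken(parts[1])
	// Check the parse error before looking at the role: a role returned next
	// to a non-nil error must never be used for the authorization decision,
	// and the caller gets the parsing error rather than a misleading
	// "insufficient rights" message.
	if err != nil {
		newErrorResponse(c, http.StatusUnauthorized, "Ошибка при извлечении claims")
		return
	}

	// NOTE(review): an authenticated caller without the admin role is
	// conventionally answered with 403 Forbidden; 401 is kept because clients
	// may depend on the existing status code.
	if userRole != string(internal.Admin) {
		newErrorResponse(c, http.StatusUnauthorized, "Недостаточно прав для выполнения запроса")
		return
	}

	c.Set(roleKey, userRole)
}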