const jwt = require('jsonwebtoken');
const { User, SystemUser, LadderUser, Store } = require('../models');

// 小程序用户认证
const authUser = async (req, res, next) => {
  try {
    const token = req.headers.authorization?.replace('Bearer ', '');
    if (!token) {
      return res.status(401).json({ code: 401, message: '请先登录' });
    }

    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    const user = await User.findByPk(decoded.userId);
    
    if (!user || user.status !== 1) {
      return res.status(401).json({ code: 401, message: '用户不存在或已禁用' });
    }

    req.user = user;
    next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({ code: 401, message: '登录已过期，请重新登录' });
    }
    return res.status(401).json({ code: 401, message: '认证失败' });
  }
};

// 后台管理员认证
const authAdmin = async (req, res, next) => {
  try {
    const token = req.headers.authorization?.replace('Bearer ', '');
    if (!token) {
      return res.status(401).json({ code: 401, message: '请先登录' });
    }

    const decoded = jwt.verify(token, process.env.JWT_SECRET);
    const admin = await SystemUser.findByPk(decoded.adminId, {
      include: [{ model: Store, as: 'store' }]
    });
    
    if (!admin || admin.status !== 1) {
      return res.status(401).json({ code: 401, message: '账号不存在或已禁用' });
    }

    req.admin = admin;
    next();
  } catch (error) {
    if (error.name === 'TokenExpiredError') {
      return res.status(401).json({ code: 401, message: '登录已过期，请重新登录' });
    }
    return res.status(401).json({ code: 401, message: '认证失败' });
  }
};

// 超级管理员权限验证
const requireSuperAdmin = (req, res, next) => {
  if (req.admin.role !== 'super_admin') {
    return res.status(403).json({ code: 403, message: '权限不足' });
  }
  next();
};

// 门店数据权限验证
const checkStoreAccess = (req, res, next) => {
  const storeId = req.params.storeId || req.body.store_id || req.query.store_id;
  
  // 超级管理员可访问所有门店
  if (req.admin.role === 'super_admin') {
    return next();
  }
  
  // 门店员工只能访问自己门店的数据
  if (storeId && req.admin.store_id !== parseInt(storeId)) {
    return res.status(403).json({ code: 403, message: '无权访问该门店数据' });
  }
  
  next();
};

// 天梯用户验证
const requireLadderUser = async (req, res, next) => {
  const { store_id } = req.query;
  
  const ladderUser = await LadderUser.findOne({
    where: {
      user_id: req.user.id,
      store_id: store_id,
      status: 1
    }
  });

  if (!ladderUser) {
    return res.status(403).json({ code: 403, message: '您还不是该门店的天梯用户' });
  }

  req.ladderUser = ladderUser;
  next();
};

module.exports = {
  authUser,
  authAdmin,
  requireSuperAdmin,
  checkStoreAccess,
  requireLadderUser
};