use crate::{middleware::auth::extract_bearer_token, state::AppState};
use axum::{extract::FromRequestParts, http::request::Parts, response::Response};
use domain::value_objects::SystemId;

pub struct JwtClaims {
    pub user_id: SystemId,
    pub role: String,
}

impl FromRequestParts<AppState> for JwtClaims {
    type Rejection = Response;

    async fn from_request_parts(
        parts: &mut Parts,
        state: &AppState,
    ) -> Result<Self, Self::Rejection> {
        let token = extract_bearer_token(&parts.headers)?;

        let (user_id, role) = state.token_issuer.verify(token).await.map_err(|_| {
            use axum::{Json, http::StatusCode, response::IntoResponse};
            (
                StatusCode::UNAUTHORIZED,
                Json(serde_json::json!({ "error": "Invalid or expired token" })),
            )
                .into_response()
        })?;

        Ok(JwtClaims { user_id, role })
    }
}