import { verifyFileKey } from "@midday/encryption";
import type { MiddlewareHandler } from "hono";
import { HTTPException } from "hono/http-exception";
import { normalizeAndValidatePath } from "../routers/files/utils";

export const withFileAuth: MiddlewareHandler = async (c, next) => {
  const fk = c.req.query("fk");

  if (!fk) {
    throw new HTTPException(401, {
      message: "File key (fk) query parameter is required for file access.",
    });
  }

  // Get filePath from query - this will be validated by the route schema
  const filePath = c.req.query("filePath") || c.req.query("path");

  if (!filePath) {
    throw new HTTPException(400, {
      message: "File path is required.",
    });
  }

  // Extract teamId from path
  const { pathTeamId } = normalizeAndValidatePath(filePath);

  // Verify JWT token and extract teamId
  const tokenTeamId = await verifyFileKey(fk);

  // Validate the token's teamId matches the path teamId
  if (!tokenTeamId || tokenTeamId !== pathTeamId) {
    throw new HTTPException(401, {
      message: "Invalid file key.",
    });
  }

  // Set teamId in context for downstream handlers
  c.set("teamId", pathTeamId);

  await next();
};