const jwt = require('jsonwebtoken');
const User = require('../models/User'); // Import User model

module.exports = async function (req, res, next) {
  const token = req.header('auth-token');
  if (!token) return res.status(401).send('Access Denied');

  try {
    const verified = jwt.verify(token, process.env.JWT_SECRET);
    req.user = verified;

    // --- BAN CHECK ---
    // We fetch the user to check their strike count
    const user = await User.findById(req.user._id);
    
    if (user && user.ban_strikes >= 3) {
        return res.status(403).json({ 
            error: "ACCOUNT_BANNED", 
            message: "Your account is permanently suspended due to repeated invalid UTR submissions." 
        });
    }
    // -----------------

    next();
  } catch (err) {
    res.status(400).send('Invalid Token');
  }
};