const jwt = require("jsonwebtoken");
const User = require("../models/userModel.js");
const expressAsyncHandler = require("express-async-handler");

const checkToken = expressAsyncHandler(async (req, res, next) => {
  let token;

  const authHeader = req.headers.authorization;
  if (authHeader && authHeader.startsWith('Bearer ')) {
    token = authHeader.substring(7); 
  }

  if (!token) {
    token = req.cookies.token;
  }

  if (token) {
    try {
      const decodedToken = jwt.verify(token, process.env.JWT_SECRET_KEY);
      req.user = await User.findById(decodedToken.userId).select("-password");
      next();
    } catch (error) {
      res.status(401);
      throw new Error("Invalid token !");
    }
  } else {
    res.status(401);
    throw new Error("Unauthorized !");
  }
});

module.exports = { checkToken };