middleware/auth.js

const auth = (req, res, next) => {
  try {
    const token = req.header('Authorization')?.replace('Bearer ', '');
    const userRole = req.header('user-role');
    
    if (!token) {
      return res.status(401).json({
        success: false,
        message: 'No token provided'
      });
    }

    // Check if token is in the simplified format (user_ or visitor_)
    if (token.startsWith('user_') || token.startsWith('visitor_')) {
      // For simplified system, include user role from header
      const userInfo = req.header('user-info');
      req.user = { 
        token,
        role: userRole || 'visitor', // Default to visitor if no role provided
        userInfo: userInfo ? JSON.parse(userInfo) : {}
      };
      next();
    } else {
      return res.status(401).json({
        success: false,
        message: 'Invalid token format'
      });
    }
  } catch (error) {
    console.error('Auth middleware error:', error);
    res.status(401).json({
      success: false,
      message: 'Invalid token'
    });
  }
};

module.exports = auth;