const jwt = require('jsonwebtoken');
const db = require('../utils/db');

// Loads one active admin together with a comma-joined list of its permissions.
// The admin id is bound through the `?` placeholder, never interpolated.
// NOTE(review): `a.*` copies every column of `admins` into the result. If that
// table holds a credential hash or other secrets, they end up on `req.admin`.
// Confirm against the schema, or list the needed columns explicitly.
// NOTE(review): MySQL truncates GROUP_CONCAT output at `group_concat_max_len`,
// so a long permission list could be cut mid-name. Verify the server setting.
const ACTIVE_ADMIN_SQL = [
  'SELECT a.*, GROUP_CONCAT(ap.permission) as permissions FROM admins a',
  'LEFT JOIN admin_permissions ap ON a.id = ap.admin_id',
  'WHERE a.id = ? AND a.status = "active"',
  'GROUP BY a.id',
].join(' ');

/**
 * Express middleware that authenticates an admin from a JWT bearer token.
 *
 * On success it attaches the admin row to `req.admin`, with `permissions`
 * turned into an array, and calls `next()`. On any failure it answers 401.
 *
 * The admin row is re-read on every request. An account whose status is no
 * longer "active" is therefore rejected even while its token is still valid.
 *
 * @param {object} req - Express request; the `Authorization` header is read.
 * @param {object} res - Express response; used only for the 401 reply.
 * @param {Function} next - Invoked with no arguments once `req.admin` is set.
 * @returns {Promise<void>}
 */
async function auth(req, res, next) {
  try {
    // A missing header makes `.replace` throw, which lands in the catch below.
    // Only the first 'Bearer ' occurrence is stripped; a header without that
    // prefix is handed to the verifier unchanged.
    const authorization = req.header('Authorization');
    const token = authorization.replace('Bearer ', '');

    // NOTE(review): no `algorithms` allow-list is passed, so the accepted
    // algorithms are the library defaults for this key type. Consider pinning
    // the one used when tokens are signed.
    const payload = jwt.verify(token, process.env.JWT_SECRET);

    const [rows] = await db.query(ACTIVE_ADMIN_SQL, [payload.id]);
    const admin = rows[0];
    if (!admin) {
      // Unknown or non-active admin: fall through to the shared 401 path.
      throw new Error();
    }

    // GROUP_CONCAT yields NULL when the admin has no permission rows.
    let permissions = [];
    if (admin.permissions) {
      permissions = admin.permissions.split(',');
    }

    req.admin = { ...admin, permissions };
    next();
  } catch (err) {
    // Fails closed: every error, including a rejected db.query, becomes the
    // same 401. The message means "Please log in first".
    // NOTE(review): nothing is logged here, so a database outage is
    // indistinguishable from a bad token. Consider logging unexpected errors
    // server-side while keeping the client response generic.
    res.status(401).json({ message: '请先登录' });
  }
}

module.exports = auth;