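const { getSupabaseServiceClient } = require('../utils/supabase');

/**
 * Express middleware that authenticates a request from its bearer token.
 *
 * Reads the `Authorization: Bearer <token>` header, asks Supabase Auth to
 * resolve the token to a user, then loads that user's row from the `users`
 * table and attaches it to `req.user`.
 *
 * Responds with 401 when the header is missing or malformed, when the token
 * does not resolve to a user, or when no profile row is found. Any exception
 * thrown by the Supabase client is forwarded to `next(err)`, so the request
 * fails through the Express error handler rather than hanging on an
 * unhandled rejection.
 *
 * @param {object} req - Express request; `req.user` is set on success.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation callback.
 * @returns {Promise<*>} Resolves once a response is sent or `next` is called.
 */
async function requireAuth(req, res, next) {
  const authHeader = req.headers.authorization;

  // The scheme match is case-sensitive: only the exact prefix "Bearer " passes.
  if (!authHeader || !authHeader.startsWith('Bearer ')) {
    return res.status(401).json({ error: 'Authentication required' });
  }

  // Drop the 7-character "Bearer " prefix. The token is never logged or echoed.
  const token = authHeader.slice(7);

  let profile;
  try {
    // NOTE(review): presumably a service-role client that bypasses row-level
    // security - confirm. If so, the only per-user scoping on the query below
    // is the `.eq('id', user.id)` filter.
    const supabase = getSupabaseServiceClient();

    const {
      data: { user },
      error,
    } = await supabase.auth.getUser(token);

    if (error || !user) {
      return res.status(401).json({ error: 'Invalid or expired token' });
    }

    // Fetch the user profile from our users table. The id comes from the user
    // returned by Supabase Auth, never from the request, and the column list
    // is explicit so nothing beyond these fields reaches req.user.
    const { data, error: profileError } = await supabase
      .from('users')
      .select('id, email, tier, scan_count, scan_reset_date, founder_status')
      .eq('id', user.id)
      .single();

    // NOTE(review): a database failure and a genuinely missing row both
    // produce this 401; consider whether a backend error should be a 5xx.
    if (profileError || !data) {
      return res.status(401).json({ error: 'User profile not found' });
    }

    profile = data;
  } catch (err) {
    // Fail closed: an unexpected client or network failure must not let the
    // request through, and must not leave it pending without a response.
    return next(err);
  }

  req.user = profile;
  // Called outside the try block so an error thrown by a downstream handler
  // is not caught here and passed to next() a second time.
  next();
}

module.exports = { requireAuth };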