const jwt = require('jsonwebtoken');

const authMiddleware = (req, res, next) => {
    const JWT_SECRET = 'secretkey';
    const authHeader = req.headers.authorization;
    if (!authHeader || !authHeader.startsWith('Bearer ')) {
        return res.status(401).json({
            success: false,
            message: 'Unauthorized: Missing or invalid token format'
        });
    } 
    const token = authHeader.split(' ')[1];
    try {
        const decoded = jwt.verify(token, JWT_SECRET);
        req.user = decoded;
        next();
    } catch (error) {
        return res.status(401).json({
            success: false,
            message: 'Unauthorized: Invalid token'
        });

    }
};

module.exports = authMiddleware;