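"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.jwtService = void 0;
exports.authRequired = authRequired;
exports.adminRequired = adminRequired;
const JWTService_1 = require("./JWTService");
const Logger_1 = require("./Logger");

/**
 * Shared verifier used by both middlewares. It is exported, and every call
 * below reads it through `exports.jwtService` at call time rather than through
 * a captured local, so a caller (or a test) that swaps the instance on the
 * module object affects subsequent requests.
 */
exports.jwtService = new JWTService_1.JWTService();

/** The only `payload.authLevel` value `adminRequired` accepts; anything else is denied. */
const ADMIN_AUTH_LEVEL = 1;

/**
 * Success path shared by both middlewares: logs the accepted token, lets the
 * JWT service rotate it on `res` if it decides to, and attaches the payload
 * to `req.user`. The caller is responsible for calling `next()`.
 *
 * @param {object} req      Express-style request.
 * @param {object} res      Express-style response (refreshIfNeeded may write to it).
 * @param {object} payload  Verified token payload (truthy, already checked by the caller).
 * @param {string} successMessage  Audit message for the accepted token.
 * @param {string} refreshMessage  Audit message logged only when a refresh happened.
 */
function admitRequest(req, res, payload, successMessage, refreshMessage) {
    (0, Logger_1.logAuth)(successMessage, payload.userId, { authLevel: payload.authLevel, orgId: payload.orgId }, req);
    // Refresh before handing off to the route so any new token material is set on
    // `res` before a downstream handler can flush headers.
    const refreshed = exports.jwtService.refreshIfNeeded(payload, res);
    if (refreshed) {
        (0, Logger_1.logAuth)(refreshMessage, payload.userId, undefined, req);
    }
    req.user = payload;
}

/**
 * Middleware: require any valid token.
 * Responds 401 `{ error: 'Unauthorized' }` when the JWT service yields no payload;
 * otherwise sets `req.user` and calls `next()`.
 */
function authRequired(req, res, next) {
    const payload = exports.jwtService.verify(req);
    if (!payload) {
        (0, Logger_1.logAuth)('Authentication failed - No valid token', undefined, {
            ip: req.ip,
            // `req.get` is absent on non-Express request objects; do not crash the audit log over it.
            userAgent: req.get ? req.get('User-Agent') : 'unknown',
            path: req.path,
        }, req);
        return res.status(401).json({ error: 'Unauthorized' });
    }
    admitRequest(req, res, payload, 'Authentication successful', 'Token refreshed');
    next();
}

/**
 * Middleware: require a valid token whose `authLevel` is exactly ADMIN_AUTH_LEVEL.
 * Responds 403 `{ error: 'Forbidden' }` on any failure; otherwise sets `req.user`
 * and calls `next()`.
 *
 * NOTE(review): a request with no valid token at all also gets 403 here, whereas
 * `authRequired` answers 401 for the same condition. That is kept as-is because
 * clients may already rely on it (it also avoids telling an unauthenticated
 * caller whether the route exists as an admin route), but if you want the
 * standard 401/403 split, branch on `!payload` before the level check.
 */
function adminRequired(req, res, next) {
    const payload = exports.jwtService.verify(req);
    if (!payload || payload.authLevel !== ADMIN_AUTH_LEVEL) {
        (0, Logger_1.logWarning)('Admin access denied', {
            hasPayload: !!payload,
            authLevel: payload?.authLevel,
            userId: payload?.userId,
            ip: req.ip,
            path: req.path,
        }, req);
        return res.status(403).json({ error: 'Forbidden' });
    }
    admitRequest(req, res, payload, 'Admin authentication successful', 'Admin token refreshed');
    next();
}
//# sourceMappingURL=AuthMiddleware.js.map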