import jwt from 'jsonwebtoken';
import { JWT_SECRET } from '../config/users.js';

export const authenticateToken = (req, res, next) => {
  console.log(`Authenticating request: ${req.method} ${req.path}`);
  console.log('Authorization header:', req.headers['authorization'] ? 'Present' : 'Missing');
  
  const authHeader = req.headers['authorization'];
  const token = authHeader && authHeader.split(' ')[1];

  if (!token) {
    console.log('No token provided');
    return res.status(401).json({ error: 'Access token required' });
  }

  jwt.verify(token, JWT_SECRET, (err, user) => {
    if (err) {
      console.log('Token verification failed:', err.message);
      return res.status(403).json({ error: 'Invalid or expired token' });
    }
    console.log('Token verified for user:', user.userId);
    req.user = user;
    next();
  });
};