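const express = require('express');
const jwt = require('jsonwebtoken');
const cookieParser = require('cookie-parser'); // For cookie parsing (if needed)
const app = express();

// The HMAC secret is read from the environment instead of being committed to
// source. Fail fast at startup rather than falling back to a known default:
// anyone who learns the value can mint tokens that pass verification.
const secretKey = process.env.JWT_SECRET;
if (!secretKey) {
    throw new Error('JWT_SECRET environment variable is not set');
}

// Use middleware to parse cookies (if token is in a cookie)
app.use(cookieParser());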

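// RFC 6750 "Bearer <token>": the scheme name is case-insensitive and the
// credential is a single run of non-whitespace characters.
const BEARER_RE = /^Bearer\s+(\S+)$/i;

/**
 * Locate the JWT presented with a request.
 *
 * The Authorization header is preferred; the `token` cookie is a fallback.
 * Nothing is verified here — the returned string is untrusted input.
 *
 * @param {import('express').Request} req - incoming request
 * @returns {string | undefined} raw token, or undefined when none was sent
 */
function extractToken(req) {
    const match = BEARER_RE.exec(req.headers.authorization ?? '');
    if (match) {
        return match[1];
    }
    // Cookie fallback. Browsers attach cookies automatically, so a GET that
    // authenticates from one is reachable cross-site unless the cookie was
    // issued with SameSite (and HttpOnly; Secure). `req.cookies` is only
    // populated when cookie-parser is mounted, hence the optional chain.
    return req.cookies?.token;
}

app.get('/protected', (req, res) => {
    // 1. Extract token
    const token = extractToken(req);

    // Fail closed when no credential was presented at all
    if (!token) {
        return res.status(401).json({ error: 'No token provided' });
    }

    let decodedToken;
    try {
        // 2. Verify signature and registered claims (exp/nbf). `algorithms`
        // is pinned so the token's own (attacker-controlled) `alg` header can
        // never select the verification method. HS256 is jwt.sign's default;
        // widen this list only if the issuer is known to use another HMAC variant.
        decodedToken = jwt.verify(token, secretKey, { algorithms: ['HS256'] });
    }
    catch (err) {
        // 4. Error handling. TokenExpiredError is tested first because it is a
        // subclass of JsonWebTokenError. Only jwt's own errors map to 401; anything
        // else is unexpected and must not be reported as a client fault.
        if (err instanceof jwt.TokenExpiredError) {
            return res.status(401).json({ error: 'Token expired' });
        }
        if (err instanceof jwt.JsonWebTokenError) {
            return res.status(401).json({ error: 'Invalid token' });
        }
        console.error(err);
        return res.status(500).json({ error: 'Internal server error' });
    }

    // 3. Token is valid — authorize on the `role` claim. jwt.verify may return a
    // plain string for non-JSON payloads; property access on it yields undefined,
    // which correctly lands in the Forbidden branch.
    if (decodedToken.role !== 'admin') {
        return res.status(403).json({ error: 'Forbidden' });
    }

    // NOTE(review): this echoes every claim (iat, exp, ...) back to the client;
    // consider returning only the fields the client actually needs.
    return res.json({ message: 'Protected resource accessed!', user: decodedToken });
});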

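// Port comes from the environment when provided (container/PaaS convention),
// defaulting to 3000. Number() keeps a non-numeric PORT from being treated as
// a pipe path by net.Server.listen.
const port = Number(process.env.PORT ?? 3000);

app.listen(port, () => {
  console.log(`Server listening on port ${port}`);
});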