package middleware

import (
	"github.com/Wikid82/charon/backend/internal/services"
	"github.com/gin-gonic/gin"
)

// OptionalAuth applies best-effort authentication for downstream middleware without blocking requests.
func OptionalAuth(authService *services.AuthService) gin.HandlerFunc {
	return func(c *gin.Context) {
		if authService == nil {
			c.Next()
			return
		}

		if bypass, exists := c.Get("emergency_bypass"); exists {
			if bypassActive, ok := bypass.(bool); ok && bypassActive {
				c.Next()
				return
			}
		}

		if _, exists := c.Get("role"); exists {
			c.Next()
			return
		}

		tokenString, ok := extractAuthToken(c)
		if !ok {
			c.Next()
			return
		}

		user, _, err := authService.AuthenticateToken(tokenString)
		if err != nil {
			c.Next()
			return
		}

		c.Set("userID", user.ID)
		c.Set("role", string(user.Role))
		c.Next()
	}
}