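// Authentication middleware
//
// Session-backed route guards for Express. Every guard reads `req.session`
// (populated by session middleware mounted before these) and only writes
// to it when it exists, so an app that forgot the session middleware gets
// a redirect to the login page instead of a TypeError from the guard.

/**
 * Whether the request carries a logged-in session.
 * @param {object} req - Express request
 * @returns {boolean} true when `req.session.userId` is set
 */
function isAuthenticated(req) {
  return Boolean(req.session && req.session.userId);
}

/**
 * Whether `url` is a same-origin path that is safe to store as a
 * post-login destination.
 *
 * `req.originalUrl` is client-controlled. A protocol-relative value
 * (`//host/...`, or `/\host/...` which browsers normalise the same way)
 * passed to `res.redirect()` would leave the site, so only a path that
 * begins with a single `/` is accepted. The login handler that consumes
 * `returnTo` should apply the same check before redirecting.
 *
 * @param {unknown} url - candidate destination
 * @returns {boolean}
 */
function isLocalPath(url) {
  return (
    typeof url === 'string' &&
    url.startsWith('/') &&
    !url.startsWith('//') &&
    !url.startsWith('/\\')
  );
}

/**
 * Remember where the user was heading (when a session exists and the
 * destination is local) and send them to the login page.
 * @param {object} req - Express request
 * @param {object} res - Express response
 */
function redirectToLogin(req, res) {
  if (req.session && isLocalPath(req.originalUrl)) {
    req.session.returnTo = req.originalUrl;
  }
  res.redirect('/auth/login');
}

/**
 * Render the shared error view with a 403 for a logged-in user who lacks
 * the required role.
 * @param {object} res - Express response
 * @param {string} message - explanation shown to the user
 * @returns {object} the result of `res.render`
 */
function forbidden(res, message) {
  return res.status(403).render('error', { title: 'Forbidden', message });
}

/**
 * Allow only logged-in users; everyone else is redirected to login.
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - next middleware
 */
function requireAuth(req, res, next) {
  if (isAuthenticated(req)) {
    return next();
  }
  redirectToLogin(req, res);
}

/**
 * Allow only administrators. Anonymous users are sent to login;
 * logged-in non-admins receive a 403 page.
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - next middleware
 */
function requireAdmin(req, res, next) {
  if (!isAuthenticated(req)) {
    return redirectToLogin(req, res);
  }
  if (req.session.isAdmin) {
    return next();
  }
  return forbidden(res, 'You do not have admin access.');
}

/**
 * Allow administrators and organizers. Anonymous users are sent to login;
 * other logged-in users receive a 403 page.
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - next middleware
 */
function requireOrganizerOrAdmin(req, res, next) {
  if (!isAuthenticated(req)) {
    return redirectToLogin(req, res);
  }
  if (req.session.isAdmin || req.session.isOrganizer) {
    return next();
  }
  return forbidden(res, 'You do not have access to this page.');
}

/**
 * Expose the current user (or null) and the site base URL to templates
 * via `res.locals`. Never blocks the request.
 * @param {object} req - Express request
 * @param {object} res - Express response
 * @param {Function} next - next middleware
 */
function loadUser(req, res, next) {
  res.locals.currentUser = isAuthenticated(req)
    ? {
        id: req.session.userId,
        username: req.session.username,
        isAdmin: req.session.isAdmin,
        isOrganizer: req.session.isOrganizer,
      }
    : null;
  // The localhost fallback is for local development; deployed instances
  // are expected to set BASE_URL so generated absolute links are correct.
  res.locals.baseUrl =
    process.env.BASE_URL || `http://localhost:${process.env.PORT || 3000}`;
  next();
}

module.exports = { requireAuth, requireAdmin, requireOrganizerOrAdmin, loadUser };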