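/**
 * Server-side auth helpers for Next.js API routes.
 */

import type { TokenPayload } from './types.js';

/**
 * Get the current user from an Authorization header value.
 * Pairs with a verifyToken function and a getUserById function.
 *
 * This helper performs no cryptographic checks of its own: signature, expiry,
 * issuer and audience validation are entirely the responsibility of
 * `verifyToken`. It only enforces the header shape, the `access` token type,
 * and that the subject claim is usable as a lookup key.
 *
 * Rejections from `verifyToken` or `getUserById` are not caught here. If the
 * verifier throws on a bad token instead of resolving to null, the calling
 * route has to translate that into an unauthenticated response itself.
 *
 * @typeParam TUser - Shape of the user record returned by `getUserById`
 * @param authHeader - The Authorization header value (e.g., "Bearer xxx")
 * @param verifyToken - Function to verify the JWT and return a payload
 * @param getUserById - Function to look up the user by their ID
 * @returns The user object or null if auth fails
 */
export async function getCurrentUser<TUser>(
  authHeader: string | null,
  verifyToken: (token: string) => Promise<TokenPayload | null>,
  getUserById: (id: string) => Promise<TUser | null>
): Promise<TUser | null> {
  const scheme = 'Bearer ';
  if (!authHeader?.startsWith(scheme)) return null;

  // "Bearer " with nothing after it carries no credential; don't hand an
  // empty string to the verifier.
  const token = authHeader.slice(scheme.length);
  if (token.length === 0) return null;

  const payload = await verifyToken(token);

  // Only access tokens authenticate a request. A verified token of any other
  // type (for example a refresh token, if the issuer mints one) is rejected.
  if (!payload || payload.type !== 'access') return null;

  // The payload is decoded external data, so the static type says nothing
  // about what is in it at runtime. Fail closed on a missing or non-string
  // subject: a lookup called with undefined may match an unintended record,
  // depending on the data layer behind getUserById.
  const userId: unknown = payload.sub;
  if (typeof userId !== 'string' || userId.length === 0) return null;

  return getUserById(userId);
}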