const jwt = require("jsonwebtoken");

const verifyToken = (req, res, next) => {
  const token = req.header("Authorization");

  if (!token) {
    return res.status(403).send("A token is required for authentication");
  }

  try {
    const jwtSecretKey = process.env.JWT_SECRET_KEY || "default_secret_key";
    const decoded = jwt.verify(token.replace("Bearer ", ""), jwtSecretKey);
    req.user = decoded;
  } catch (err) {
    return res.status(401).send("Invalid Token");
  }

  return next();
};

module.exports = verifyToken;