const jwt = require('jsonwebtoken')
// NOTE(review): the value tokens are verified against is a short, human-readable
// string literal committed with the source. Anyone who can read this file (or
// the repository history) holds it. Consider loading it from the environment or
// a secret store and rotating the current value.
const JWT_secret = "Cantileverlabs"
const mongoose = require('mongoose')
// Retrieves the model registered under the name "User"; the schema is not
// defined in this file, so it must be registered before this module is loaded.
const User = mongoose.model("User")
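/**
 * Express middleware that lets a request through only when it carries a valid
 * JWT whose `_id` claim resolves to a user with a truthy `isAdmin` field.
 *
 * Responses:
 *   - 401 {error:"You must be logged in"}  header missing, token rejected by
 *     jwt.verify, or no user found for the token's `_id`
 *   - 401 {error:"Not an admin"}           user exists but is not an admin
 *   - next(err)                            the user lookup itself failed
 *
 * @param {object} req  - Express request; only `req.headers.authorization` is read.
 * @param {object} res  - Express response.
 * @param {function} next - Called with no argument on success, with the error
 *                          when the database lookup rejects.
 */
module.exports = async (req,res,next)=>{
    const {authorization} = req.headers ;
    // Expected header shape: "Authorization: Bearer <signed JWT>"
    if(!authorization){
        return res.status(401).json({error:"You must be logged in"})
    }
    // Kept as-is for compatibility: a header without the "Bearer " prefix is
    // passed to jwt.verify unchanged and fails there if it is not a valid token.
    const token = authorization.replace("Bearer ","")

    // NOTE(review): no `algorithms` option is passed, so the library's default
    // set for this key type applies. Pin it to the algorithm the issuer signs
    // with once that is confirmed.
    let payload ;
    try{
        // Without a callback jwt.verify is synchronous and throws on any
        // invalid, expired or tampered token.
        payload = jwt.verify(token,JWT_secret)
    }
    catch(err){
        return res.status(401).json({error:"You must be logged in"}) ;
    }

    // A token with a non-object payload yields no `_id`; the lookup then finds
    // nothing and the request is rejected below.
    const _id = payload && payload._id ;

    let user ;
    try{
        user = await User.findById(_id) ;
    }
    catch(err){
        // Previously a rejected lookup became an unhandled rejection and the
        // request never got a response. Hand it to the error handler instead.
        return next(err) ;
    }

    // A still-valid token can outlive its account (user deleted after the token
    // was issued). Treat that as unauthenticated rather than dereferencing null.
    if(!user){
        return res.status(401).json({error:"You must be logged in"}) ;
    }

    if(!user.isAdmin){
        // NOTE(review): 403 is the conventional status for an authenticated but
        // unauthorised caller. 401 is kept so existing clients see no change.
        return res.status(401).json({error:"Not an admin"}) ;
    }
    return next() ;
}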