normogen/backend/src/middleware/auth.rs

use axum::{
    extract::{Request, State},
    http::StatusCode,
    middleware::Next,
    response::Response,
};
use crate::auth::jwt::Claims;
use crate::config::AppState;

pub async fn jwt_auth_middleware(
    State(state): State<AppState>,
    mut req: Request,
    next: Next,
) -> Result<Response, StatusCode> {
    let headers = req.headers();
    
    // Extract Authorization header
    let auth_header = headers
        .get("Authorization")
        .and_then(|h| h.to_str().ok())
        .ok_or(StatusCode::UNAUTHORIZED)?;
    
    // Check Bearer token format
    if !auth_header.starts_with("Bearer ") {
        return Err(StatusCode::UNAUTHORIZED);
    }
    
    let token = &auth_header[7..]; // Remove "Bearer " prefix
    
    // Verify token
    let claims = state
        .jwt_service
        .validate_token(token)
        .map_err(|_| StatusCode::UNAUTHORIZED)?;
    
    // Add claims to request extensions for handlers to use
    req.extensions_mut().insert(claims);
    
    Ok(next.run(req).await)
}

// Extension method to extract claims from request
pub trait RequestClaimsExt {
    fn claims(&self) -> Option<&Claims>;
}

impl RequestClaimsExt for Request {
    fn claims(&self) -> Option<&Claims> {
        self.extensions().get::<Claims>()
    }
}