import { NextRequest } from 'next/server'
import { verifyToken } from '@/lib/auth'
import { prisma } from '@/lib/prisma'

/**
 * Authorization gate for admin-only route handlers.
 *
 * Reads the token from the `Authorization` header, verifies it with
 * `verifyToken`, then loads the user row and checks `isAdmin` from the
 * database, not from a claim inside the token. A change to the stored
 * flag is therefore seen on the next call, without waiting for the token
 * to expire.
 *
 * @param request - Incoming request; only its `Authorization` header is read.
 * @returns The user's `id` and `isAdmin` fields when the caller is an admin.
 * @throws Error when the token is missing, when `verifyToken` returns a
 *   falsy value, or when the user does not exist or is not an admin. All
 *   three are plain `Error`s that differ only in their message.
 */
export async function requireAdmin(request: NextRequest) {
  const headerValue = request.headers.get('Authorization')

  // NOTE(review): the scheme is not enforced. 'Bearer ' is removed at its
  // first occurrence wherever it appears, and a header with another scheme
  // (or none) is handed to verifyToken unchanged. Rejection of such values
  // depends entirely on verifyToken; confirm that it is strict.
  const token = headerValue ? headerValue.replace('Bearer ', '') : undefined
  if (!token) {
    throw new Error('未提供认证令牌')
  }

  // NOTE(review): this assumes verifyToken signals failure with a falsy
  // return. If it throws instead, that exception propagates to the caller
  // as-is; confirm against '@/lib/auth'.
  const claims = verifyToken(token)
  if (!claims) {
    throw new Error('无效的认证令牌')
  }

  // Select only the two fields needed for the decision, so no other user
  // columns are loaded here or returned to the caller.
  const account = await prisma.user.findUnique({
    where: { id: claims.userId },
    select: { id: true, isAdmin: true }
  })

  // Unknown user and non-admin user get the same error, so the response
  // does not reveal whether the account exists.
  if (!account) {
    throw new Error('权限不足')
  }
  if (!account.isAdmin) {
    throw new Error('权限不足')
  }

  return account
}