using Microsoft.AspNetCore.Http;
using Mirea.Api.Security.Common.Interfaces;
using System.Threading.Tasks;

namespace Mirea.Api.Endpoint.Middleware;

public class JwtRevocationMiddleware(RequestDelegate next)
{
    public async Task Invoke(HttpContext context, IRevokedToken revokedTokenStore)
    {
        if (context.Request.Headers.ContainsKey("Authorization"))
        {
            var token = context.Request.Headers.Authorization.ToString().Replace("Bearer ", "");
            if (await revokedTokenStore.IsTokenRevokedAsync(token))
            {
                context.Response.StatusCode = StatusCodes.Status401Unauthorized;
                return;
            }
        }

        await next(context);
    }
}