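import { NextResponse } from "next/server";
import { jwtVerify } from "jose";

/**
 * Extracts the raw `access_token` cookie value from a `Cookie` request header.
 *
 * Pairs are split on ";" and trimmed, so both "a=1; b=2" and "a=1;b=2" are
 * handled. Everything after the first "=" is returned, so a value that itself
 * contains "=" is not truncated.
 *
 * @param cookieHeader - Value of the `Cookie` header, or `null` when absent.
 * @returns The cookie value, or `null` when the cookie is missing or empty.
 */
const getTokenFromCookies = (cookieHeader: string | null): string | null => {
  if (!cookieHeader) return null;

  const prefix = "access_token=";
  for (const part of cookieHeader.split(";")) {
    const pair = part.trim();
    if (pair.startsWith(prefix)) {
      return pair.slice(prefix.length) || null;
    }
  }
  return null;
};

/**
 * Reads the realm roles claimed by the `access_token` cookie of a request.
 *
 * SECURITY: the token's signature is NOT verified here. The cookie is supplied
 * by the client, so every claim in the payload, including
 * `realm_access.roles`, is whatever the sender chose to put there. Treat the
 * result as an unauthenticated hint (e.g. for UI rendering) and never as the
 * basis for an authorization decision. Before relying on these roles, verify
 * the token against the identity provider's public key (for example with the
 * already-imported `jwtVerify` from "jose", which also enforces expiry) and
 * check issuer and audience. `jwtVerify` is asynchronous, so that change
 * requires callers to await the result.
 *
 * @param req - Incoming request whose `cookie` header is inspected.
 * @returns The string entries of `realm_access.roles`; an empty array when the
 *   cookie is missing, the token is malformed, or the claim is not an array.
 */
export function getPermision(req: Request): string[] {
  try {
    const token = getTokenFromCookies(req.headers.get("cookie"));
    if (!token) return [];

    // A compact JWT has exactly three dot-separated segments.
    const segments = token.split(".");
    const [, payloadSegment] = segments;
    if (segments.length !== 3 || !payloadSegment) return [];

    // Node's "base64" decoder also accepts the URL-safe alphabet used by JWTs.
    const payload: unknown = JSON.parse(
      Buffer.from(payloadSegment, "base64").toString()
    );

    const roles = (payload as { realm_access?: { roles?: unknown } } | null)
      ?.realm_access?.roles;

    // Only hand back a real string[]: a bare string such as "admin" would
    // otherwise reach callers typed as an array and turn `.includes()` into a
    // substring match.
    if (!Array.isArray(roles)) return [];
    return roles.filter((role): role is string => typeof role === "string");
  } catch {
    // Malformed base64/JSON or an unexpected payload shape: grant nothing.
    return [];
  }
}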