import { Hono } from 'hono';
import suggestionsRouter from './suggestions.js';
import notifyRouter from './notify.js';
import type { AuthUser } from '../../auth/types.js';
import { canAccessScheduling } from '../../auth/types.js';

const app = new Hono();

/**
 * Role gate for every route mounted on this sub-application.
 *
 * Reads the `user` value from the request context. If a user is present, the
 * request proceeds only when `canAccessScheduling(user.roles)` returns true;
 * otherwise a 403 JSON response is returned.
 *
 * NOTE(review): this guard fails open. A request with no `user` on the context
 * is forwarded without any role check. That is the documented dev-bypass path,
 * but nothing in this file distinguishes "auth deliberately bypassed" from
 * "auth middleware not mounted or not populating `user`". Confirm that the
 * parent app always installs the auth middleware ahead of this router in
 * production, or make the bypass explicit so a missing user is rejected by
 * default.
 */
app.use('*', async (c, next) => {
  // The context is cast to `any` because this Hono instance declares no
  // `Variables` type for `user`; the value's shape is therefore unchecked here.
  const currentUser = (c as any).get('user') as AuthUser | undefined;

  // No user on the context: pass through (see the fail-open note above).
  if (!currentUser) {
    return next();
  }

  // An authenticated user holding a permitted role continues to the sub-routers.
  if (canAccessScheduling(currentUser.roles)) {
    return next();
  }

  // Message text: "Smart scheduling access requires the BI-SCHEDULE-OPT role".
  // NOTE(review): the message names a single role, while the decision is
  // delegated to canAccessScheduling (defined in ../../auth/types.js, not
  // visible here); verify that the two stay in agreement.
  return c.json({ error: 'Forbidden: 智能调度访问需要 BI-SCHEDULE-OPT 角色' }, 403);
});

// Sub-routers are registered after the guard, so both are covered by it.
app.route('/suggestions', suggestionsRouter);
app.route('/notify', notifyRouter);

export default app;