//! `/admin/me` — small HTMX fragment used by the sidebar to show "signed in
//! as <name>". Doubles as a cheap auth-check for the dashboard shell: if
//! the cookie isn't valid, the AuthedUser extractor 401s and the page-level
//! HTMX response handler bounces back to the login form.

use crate::api::admin::i18n::{t, Lang};
use crate::api::error::ApiError;
use crate::api::middleware::AuthedUser;
use axum::response::Html;

pub async fn me(user: AuthedUser, lang: Lang) -> Result<Html<String>, ApiError> {
    Ok(Html(format!(
        "{label} <span class=\"text-slate-300\">{name}</span>",
        label = t(lang, "nav.signed_in_as"),
        name = html_escape(&user.name),
    )))
}

fn html_escape(s: &str) -> String {
    s.replace('&', "&amp;")
        .replace('<', "&lt;")
        .replace('>', "&gt;")
}