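import { createHash, timingSafeEqual } from "node:crypto";
import { Request, Response, NextFunction } from "express";
import { validateKey, getAdminSecret } from "../lib/apiKeys.js";

/**
 * Compares two secrets without an early exit on the first differing byte.
 *
 * Both inputs are hashed with SHA-256 first so the buffers handed to
 * `timingSafeEqual` always have the same length; it throws on a length
 * mismatch, and comparing raw values would also expose the expected length.
 */
function secretsMatch(provided: string, expected: string): boolean {
  const providedDigest = createHash("sha256").update(provided).digest();
  const expectedDigest = createHash("sha256").update(expected).digest();
  return timingSafeEqual(providedDigest, expectedDigest);
}

/**
 * Express middleware that requires a valid API key.
 *
 * The key is read from `Authorization: Bearer <key>` when that header uses the
 * Bearer scheme, otherwise from `X-API-Key`. Responds 401 when no key is
 * supplied and 403 when `validateKey` returns a falsy value. On success the
 * value returned by `validateKey` is stored on `req.apiKey` and the request
 * continues.
 */
export function requireApiKey(req: Request, res: Response, next: NextFunction) {
  const authHeader = req.headers["authorization"] ?? "";
  const headerKey = req.headers["x-api-key"];

  // A Bearer header takes precedence: an empty Bearer token is rejected and
  // does NOT fall back to X-API-Key.
  // The typeof check replaces an unchecked `as string` cast, so a non-string
  // header value is treated as "no key" instead of throwing on `.trim()`.
  const key = authHeader.startsWith("Bearer ")
    ? authHeader.slice(7).trim()
    : typeof headerKey === "string"
      ? headerKey.trim()
      : "";

  if (!key) {
    res.status(401).json({ error: "API key required. Use the header: Authorization: Bearer " });
    return;
  }

  const found = validateKey(key);
  if (!found) {
    res.status(403).json({ error: "Invalid or revoked API key." });
    return;
  }

  // Narrow cast instead of `any`: only the added `apiKey` property is untyped.
  (req as Request & { apiKey?: unknown }).apiKey = found;
  next();
}

/**
 * Express middleware that requires the admin secret in `X-Admin-Secret`.
 *
 * Responds 403 when the header is missing, empty, or does not match
 * `getAdminSecret()`. An empty or non-string configured secret never matches,
 * so a misconfigured deployment fails closed.
 */
export function requireAdmin(req: Request, res: Response, next: NextFunction) {
  const provided = req.headers["x-admin-secret"];
  const expected = getAdminSecret();

  // Plain `!==` on strings can return as soon as a character differs, which
  // makes response time depend on how much of the secret was guessed
  // correctly. Use a constant-time comparison for the admin credential.
  const authorized =
    typeof provided === "string" &&
    provided.length > 0 &&
    typeof expected === "string" &&
    expected.length > 0 &&
    secretsMatch(provided, expected);

  if (!authorized) {
    res.status(403).json({ error: "Incorrect admin secret." });
    return;
  }

  next();
}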