import type { Request } from 'express'
import { AuthenticationError } from './errors'
import { getAllowedManimcatApiKeys, hasManimcatApiKey } from './manimcat-auth'

export function extractBearerToken(authHeader: string | string[] | undefined): string {
  if (!authHeader) return ''

  if (typeof authHeader === 'string') {
    return authHeader.replace(/^Bearer\s+/i, '')
  }

  if (Array.isArray(authHeader)) {
    return authHeader[0]?.replace(/^Bearer\s+/i, '') || ''
  }

  return ''
}

export function requirePromptOverrideAuth(req: Pick<Request, 'headers'>): void {
  const keys = getAllowedManimcatApiKeys()
  if (keys.length === 0) {
    throw new AuthenticationError('Prompt overrides require MANIMCAT_ROUTE_KEYS to be set.')
  }

  const token = extractBearerToken(req.headers?.authorization)
  if (!token || !hasManimcatApiKey(token)) {
    throw new AuthenticationError('Prompt overrides require a valid ManimCat API key token.')
  }
}