import { Request, Response, NextFunction } from 'express';
import { config } from '../config/env.js';

/**
 * Optional API key authentication middleware.
 * If AUTH_API_KEY is set in env, requires it in the Authorization header.
 */
export function authMiddleware(req: Request, res: Response, next: NextFunction) {
  const apiKey = (config as unknown as Record<string, string>)['AUTH_API_KEY'];
  if (!apiKey) return next();

  const authHeader = req.headers.authorization;
  if (!authHeader || authHeader !== `Bearer ${apiKey}`) {
    return res.status(401).json({
      success: false,
      error: { code: 'UNAUTHORIZED', message: 'Invalid or missing API key' },
    });
  }
  next();
}