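import { CanActivate, ExecutionContext, Injectable, UnauthorizedException } from '@nestjs/common';
import { createHash, timingSafeEqual } from 'crypto';
import { Observable } from 'rxjs';

/**
 * Route guard that admits a request only when it presents the shared admin
 * token configured in the `ADMIN_TOKEN` environment variable.
 *
 * The token is read from the `x-admin-token` header, falling back to
 * `authorization`; a leading `Bearer ` prefix is stripped from whichever
 * header supplied the value.
 *
 * Security notes:
 * - There is no built-in fallback token. When `ADMIN_TOKEN` is unset or empty
 *   the guard rejects every request, so a missing deployment setting cannot
 *   leave the admin surface reachable with a guessable, source-visible value.
 * - The comparison is constant-time, so response timing does not reveal how
 *   much of a presented token matched.
 */
@Injectable()
export class AdminAuthGuard implements CanActivate {
  // Empty string means "not configured"; canActivate treats that as deny-all.
  private readonly expectedToken = process.env.ADMIN_TOKEN || '';

  /**
   * Decides whether the current HTTP request carries the admin token.
   *
   * @param context - Nest execution context; only its HTTP request headers are read.
   * @returns `true` when the presented token matches the configured one.
   * @throws UnauthorizedException when the token is missing, not a string,
   *   does not match, or when no admin token is configured.
   */
  canActivate(
    context: ExecutionContext,
  ): boolean | Promise<boolean> | Observable<boolean> {
    const request = context.switchToHttp().getRequest();
    const headerToken = request.headers['x-admin-token'] || request.headers['authorization'];
    const token =
      typeof headerToken === 'string' && headerToken.startsWith('Bearer ')
        ? headerToken.slice(7)
        : headerToken;

    // Fail closed: an unconfigured guard must never authorize, and a
    // non-string header value can never equal the configured token.
    if (
      this.expectedToken !== '' &&
      typeof token === 'string' &&
      AdminAuthGuard.tokensMatch(token, this.expectedToken)
    ) {
      return true;
    }

    throw new UnauthorizedException('Invalid admin token');
  }

  /**
   * Constant-time string equality. Both inputs are hashed first so that
   * `timingSafeEqual` always receives equal-length buffers and the length of
   * the configured token is not exposed through an early length check.
   */
  private static tokensMatch(presented: string, expected: string): boolean {
    const presentedDigest = createHash('sha256').update(presented, 'utf8').digest();
    const expectedDigest = createHash('sha256').update(expected, 'utf8').digest();
    return timingSafeEqual(presentedDigest, expectedDigest);
  }
}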