import os
from fastapi import Header, HTTPException, status
from dotenv import load_dotenv

load_dotenv()

def admin_auth(x_admin_key: str = Header(...)):
    """
    Simple admin authentication using a shared secret key.
    Used ONLY for admin routes (POST / PUT / DELETE).
    """
    admin_key = os.getenv("ADMIN_API_KEY")

    if not admin_key:
        raise RuntimeError("ADMIN_API_KEY not set in environment")

    if x_admin_key != admin_key:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Unauthorized"
        )