import os
import logging
import streamlit as st

logger = logging.getLogger(__name__)

def check_token(user_token: str):
    ACCESS_TOKEN = os.getenv("ACCESS_TOKEN")
    if not ACCESS_TOKEN:
        logger.critical("ACCESS_TOKEN not set in environment.")
        return False, "Server error: Access token not configured."
    if user_token == ACCESS_TOKEN:
        logger.info("Access token validated successfully.")
        return True, ""
    logger.warning("Invalid access token attempt.")
    return False, "Invalid token."

def gated_access() -> bool:
    if "authenticated" not in st.session_state:
        st.session_state["authenticated"] = False

    if not st.session_state["authenticated"]:
        st.markdown("## Access Required")
        token_input = st.text_input("Enter Access Token", type="password")
        if st.button("Unlock App"):
            ok, error_msg = check_token(token_input)
            if ok:
                st.session_state["authenticated"] = True
                st.rerun()
            else:
                st.error(error_msg)
        return False
    return True