import type { NextFunction, Request, Response } from 'express';
import { env } from '../../lib/env.js';

export const requireAdminToken = (request: Request, response: Response, next: NextFunction) => {
  if (!env.adminToken) {
    return next();
  }

  const header = request.headers.authorization;
  const fallbackToken = request.headers['x-admin-token'];
  const tokenValue = Array.isArray(fallbackToken) ? fallbackToken[0] : fallbackToken;
  const token = header?.startsWith('Bearer ') ? header.slice(7) : tokenValue;

  if (token !== env.adminToken) {
    return response.status(401).json({
      error: 'Unauthorized',
      message: 'Invalid admin token',
    });
  }

  return next();
};