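const crypto = require('crypto');

const logger = require('../utils/logger');

/**
 * Hash a secret to a fixed-length digest.
 *
 * crypto.timingSafeEqual throws when its inputs differ in length, so both
 * sides are hashed first. SHA-256 is used here only to normalise length for
 * the comparison; it is not a password-storage scheme.
 *
 * @param {string} value - Secret to digest.
 * @returns {Buffer} 32-byte SHA-256 digest of the UTF-8 encoded value.
 */
function digestSecret(value) {
  return crypto.createHash('sha256').update(String(value), 'utf8').digest();
}

/**
 * Express-style middleware that gates a route behind a single shared admin
 * password, supplied by the client as `Authorization: Bearer <password>` and
 * checked against the ADMIN_PASSWORD environment variable.
 *
 * Responses:
 *   - 500 when ADMIN_PASSWORD is unset or empty (fails closed).
 *   - 401 when the header is missing, malformed, or the password is wrong.
 *   - otherwise calls next() with no arguments.
 *
 * Operational caveats:
 *   - The password is sent in the header on every request, so the route
 *     should only be reachable over TLS.
 *   - This middleware does no throttling or lockout; failed attempts are only
 *     logged. Rate limiting has to be applied elsewhere.
 *   - The header is split on single spaces, so a password containing a space
 *     is always rejected as an invalid format.
 *
 * @param {object} req - Request; only req.headers.authorization is read.
 * @param {object} res - Response; used for status(...).json(...).
 * @param {Function} next - Called with no arguments when the check passes.
 * @returns {*} The result of res.json(...) on rejection, otherwise undefined.
 */
function adminAuth(req, res, next) {
  const adminPassword = process.env.ADMIN_PASSWORD;

  // Fail closed: with no configured password nobody is let through.
  if (!adminPassword) {
    logger.error('ADMIN_PASSWORD not configured');
    return res.status(500).json({ error: 'Admin authentication not configured' });
  }

  // Check Authorization header
  const authHeader = req.headers.authorization;
  if (!authHeader) {
    return res.status(401).json({ error: 'Authorization required' });
  }

  // Expected format: "Bearer <password>"
  const parts = authHeader.split(' ');
  if (parts.length !== 2 || parts[0] !== 'Bearer') {
    return res.status(401).json({ error: 'Invalid authorization format' });
  }

  const password = parts[1];

  // Constant-time comparison: a plain `!==` on strings can return as soon as
  // the first differing character is found, which makes the response time
  // depend on how much of the guess is correct.
  const isMatch = crypto.timingSafeEqual(
    digestSecret(password),
    digestSecret(adminPassword),
  );

  if (!isMatch) {
    // The submitted value is deliberately not logged.
    logger.warn('Invalid admin password attempt');
    return res.status(401).json({ error: 'Invalid password' });
  }

  next();
}

module.exports = adminAuth;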