"use strict";

const DEFAULT_ADMIN_TOKEN = "dev-task-board-token";

function getAdminToken() {
  const envToken = process.env.TASK_BOARD_ADMIN_TOKEN;
  if (typeof envToken === "string" && envToken.trim()) {
    return envToken.trim();
  }
  return DEFAULT_ADMIN_TOKEN;
}

function sendUnauthorized(res) {
  res.writeHead(401, {
    "Content-Type": "application/json; charset=utf-8",
    "Cache-Control": "no-store",
    "WWW-Authenticate": 'Bearer realm="task-board-admin"',
  });
  res.end(JSON.stringify({ error: "Unauthorized" }));
}

function requireAdmin(req, res) {
  const authHeader = typeof req.headers.authorization === "string" ? req.headers.authorization.trim() : "";
  const token = authHeader.toLowerCase().startsWith("bearer ") ? authHeader.slice(7).trim() : "";
  if (!token || token !== getAdminToken()) {
    sendUnauthorized(res);
    return false;
  }
  return true;
}

module.exports = {
  getAdminToken,
  requireAdmin,
};