import { Request, Response, NextFunction } from "express";
import { isValidKey, getKeyInfo } from "../services/keys.js";

export function authMiddleware(
  req: Request,
  res: Response,
  next: NextFunction
): void {
  const header = req.headers.authorization;
  const xApiKey = req.headers["x-api-key"] as string | undefined;
  let key: string | undefined;

  if (header?.startsWith("Bearer ")) {
    key = header.slice(7);
  } else if (xApiKey) {
    key = xApiKey;
  }

  if (!key) {
    res.status(401).json({ error: "Missing API key. Use: Authorization: Bearer <key> or X-API-Key: <key>" });
    return;
  }
  if (!isValidKey(key)) {
    res.status(403).json({ error: "Invalid API key" });
    return;
  }
  // Attach key info to request for downstream use
  (req as any).apiKeyInfo = getKeyInfo(key);
  next();
}