import { NextRequest, NextResponse } from 'next/server'

/**
 * Authentication utilities for API routes
 * Implements API key-based authentication
 */

const API_KEY_HEADER = 'x-api-key'

/**
 * Validates API key from request headers
 * @param request - Next.js request object
 * @returns true if valid, false otherwise
 */
export function validateApiKey(request: NextRequest): boolean {
  const apiKey = request.headers.get(API_KEY_HEADER)
  const validApiKey = process.env.API_SECRET_KEY

  if (!validApiKey) {
    console.warn('API_SECRET_KEY not configured in environment variables')
    return false
  }

  return apiKey === validApiKey
}

/**
 * Returns unauthorized response
 */
export function unauthorizedResponse(): NextResponse {
  return NextResponse.json(
    {
      success: false,
      error: 'Unauthorized',
      message: 'Valid API key required. Include x-api-key header.'
    },
    { status: 401 }
  )
}

/**
 * Middleware helper to protect API routes
 */
export function requireAuth(request: NextRequest): NextResponse | null {
  if (!validateApiKey(request)) {
    return unauthorizedResponse()
  }
  return null
}