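import { NextRequest, NextResponse } from 'next/server';

/** Header the admin routes are gated on. */
const ADMIN_AUTH_HEADER = 'x-admin-auth';

/** Fixed value the header must carry to pass `requireAdminAuth`. */
const ADMIN_AUTH_HEADER_VALUE = 'authenticated';

/**
 * Authentication middleware for admin API routes.
 *
 * Checks that the request carries the `x-admin-auth` header with the fixed
 * value `'authenticated'` and returns a 401 JSON response otherwise.
 *
 * NOTE(review): this is not a session check. The expected value is a public
 * constant, so any client that knows the header name can add it and pass;
 * the gate only distinguishes "header absent" from "header present". Treat
 * it as a routing convenience, not as authentication, until the header is
 * compared against a server-issued, per-session secret (for example an
 * HttpOnly session cookie validated server-side) rather than a literal.
 *
 * @param request - Incoming request; only the `x-admin-auth` header is read.
 * @returns A 401 `NextResponse` when the header is missing or does not match,
 *   or `null` when the check passes and the caller may continue.
 */
export async function requireAdminAuth(
  request: NextRequest,
): Promise<NextResponse | null> {
  const authHeader = request.headers.get(ADMIN_AUTH_HEADER);

  // A missing header yields null, which already fails the strict comparison,
  // so no separate presence check is needed.
  if (authHeader !== ADMIN_AUTH_HEADER_VALUE) {
    return NextResponse.json(
      { error: 'Unauthorized - Admin authentication required' },
      { status: 401 },
    );
  }

  return null; // Auth successful
}

/**
 * Verifies a candidate admin password against the configured bcrypt hash.
 *
 * The hash is read from the `ADMIN_PASSWORD` environment variable, which must
 * hold a bcrypt hash (not a plaintext password). When it is unset or empty:
 * production throws, and every other environment falls back to a hash that is
 * committed to this file — i.e. a default credential known to anyone with
 * access to the repository. Keep `ADMIN_PASSWORD` set in every deployed
 * environment, including staging.
 *
 * @param password - Plaintext candidate supplied by the user.
 * @returns `true` when `password` matches the configured hash, `false`
 *   otherwise.
 * @throws Error when `ADMIN_PASSWORD` is unset and `NODE_ENV` is
 *   `'production'`.
 */
export async function verifyAdminPassword(password: string): Promise<boolean> {
  // Loaded lazily so the module stays cheap to import from edge/middleware code
  // that only needs `requireAdminAuth`.
  const bcrypt = await import('bcryptjs');

  // Read once; `!configuredHash` treats both unset and empty string as missing,
  // matching the fallback below.
  const configuredHash = process.env.ADMIN_PASSWORD;
  if (!configuredHash) {
    console.error('SECURITY WARNING: ADMIN_PASSWORD environment variable is not set!');
    // Refuse to run with the built-in default outside development.
    if (process.env.NODE_ENV === 'production') {
      throw new Error('ADMIN_PASSWORD environment variable is required in production');
    }
  }

  // Development-only default. This hash is public (it lives in source control),
  // so it must never be the effective credential in a deployed environment.
  // NOTE(review): if `configuredHash` is not a well-formed bcrypt hash,
  // bcryptjs may reject it rather than return `false` — confirm the intended
  // failure mode and validate the variable at startup if needed.
  const adminPasswordHash =
    configuredHash || '$2b$10$SHOt9G1qUNIvHoWre7499.eEtp5PtOII0daOQGNV.dhDEuPmOUdsq';

  return bcrypt.compare(password, adminPasswordHash);
}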