const bcrypt = require('bcrypt');

function authMiddleware(req, res, next) {
    const header = req.headers['authorization'];

    if (!header || !header.startsWith('Basic ')) {
        return res.status(401).json({ error: 'Authentication required' });
    }

    const [user, pass] = Buffer.from(header.slice(6), 'base64').toString().split(':');
    const expectedUser = process.env.LOGIN_USER;
    const expectedHash = process.env.LOGIN_PASSWORD_HASH;

    if (!expectedUser || !expectedHash) {
        return res.status(500).json({ error: 'Login credentials not configured — run manage.py option 9' });
    }

    if (user !== expectedUser) {
        return res.status(401).json({ error: 'Invalid credentials' });
    }

    bcrypt.compare(pass, expectedHash, (err, match) => {
        if (err || !match) return res.status(401).json({ error: 'Invalid credentials' });
        next();
    });
}

module.exports = authMiddleware;