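package middleware

import (
	"crypto/subtle"

	"accounting-app/internal/config"
	"accounting-app/pkg/api"
	"github.com/gin-gonic/gin"
)

// AdminMiddleware provides admin authentication middleware backed by the
// shared secret held in the application configuration.
type AdminMiddleware struct {
	cfg *config.Config
}

// NewAdminMiddleware creates a new AdminMiddleware that reads the admin
// secret from cfg.
func NewAdminMiddleware(cfg *config.Config) *AdminMiddleware {
	return &AdminMiddleware{
		cfg: cfg,
	}
}

// RequireAdminKey returns a gin handler that lets a request through only when
// it presents the configured admin secret, read from the X-Admin-Secret-Key
// header or, if that header is empty, from the admin_secret query parameter.
//
// The handler fails closed: a missing configuration, an unset (empty)
// configured secret, or an empty presented key is always rejected.
func (m *AdminMiddleware) RequireAdminKey() gin.HandlerFunc {
	return func(c *gin.Context) {
		key := c.GetHeader("X-Admin-Secret-Key")
		if key == "" {
			// Fallback to query param for easier testing.
			// NOTE(review): a secret carried in the URL tends to end up in
			// access logs, proxy logs, browser history and Referer headers.
			// Kept for compatibility with existing callers; consider
			// restricting it to non-production builds or removing it.
			key = c.Query("admin_secret")
		}

		if !m.validAdminKey(key) {
			api.Unauthorized(c, "Invalid or missing admin secret key")
			// api.Unauthorized is not visible from this file. Abort is called
			// explicitly so the remaining handlers never run even if that
			// helper only writes the response: gin continues the chain when a
			// middleware returns without aborting.
			c.Abort()
			return
		}

		c.Next()
	}
}

// validAdminKey reports whether key matches the configured admin secret.
func (m *AdminMiddleware) validAdminKey(key string) bool {
	if m == nil || m.cfg == nil {
		return false
	}

	want := m.cfg.AdminSecretKey
	// An unset secret must never authenticate anyone. With a plain equality
	// check, an empty configured secret would match a request that sends no
	// key at all.
	if want == "" || key == "" {
		return false
	}

	// Constant-time comparison so response timing does not reveal how many
	// leading bytes of a guess were correct. The length of the secret is not
	// hidden by this call.
	return subtle.ConstantTimeCompare([]byte(key), []byte(want)) == 1
}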