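import { createHash, timingSafeEqual } from 'node:crypto';
import jwt from 'jsonwebtoken';

// HMAC algorithms accepted for tokens verified with the shared secret.
// NOTE(review): the signing side is not visible in this file; narrow this
// list to the single algorithm the signer actually uses.
const ACCEPTED_JWT_ALGORITHMS = ['HS256', 'HS384', 'HS512'];

/**
 * Read a secret from the environment.
 *
 * The well-known development fallback is only returned outside production;
 * with NODE_ENV === 'production' a missing secret aborts module load, so a
 * deployment cannot run on a value anyone can read from the source.
 *
 * @param {string} name - Environment variable name.
 * @param {string} devFallback - Value used only when NODE_ENV is not 'production'.
 * @returns {string} The configured secret, or the development fallback.
 * @throws {Error} If the variable is unset or empty in production.
 */
function readSecret(name, devFallback) {
  const value = process.env[name];
  if (value) {
    return value;
  }
  if (process.env.NODE_ENV === 'production') {
    throw new Error(`${name} must be set when NODE_ENV is "production"`);
  }
  // The value itself is never logged, only the fact that the fallback is active.
  console.warn(`${name} is not set; using the insecure development default`);
  return devFallback;
}

/**
 * Compare two strings without an early exit on the first differing byte.
 *
 * Both inputs are hashed first so timingSafeEqual always receives buffers of
 * equal length (it throws otherwise) and the comparison time does not depend
 * on the length of the expected value.
 *
 * @param {string} supplied - Value received from the client.
 * @param {string} expected - Configured secret.
 * @returns {boolean} True when both strings are identical.
 */
function constantTimeEquals(supplied, expected) {
  const suppliedDigest = createHash('sha256').update(supplied).digest();
  const expectedDigest = createHash('sha256').update(expected).digest();
  return timingSafeEqual(suppliedDigest, expectedDigest);
}

/** Secret used to verify JWTs; exported for other modules that import it. */
export const JWT_SECRET = readSecret('JWT_SECRET', 'dev-secret-change-in-production');

const ADMIN_PASSWORD = readSecret('ADMIN_PASSWORD', 'admin');

/**
 * Express middleware: require a valid JWT in the Authorization header.
 *
 * The token is the second space-separated part of the header value. On
 * success the verified payload is stored on req.user and next() is called;
 * otherwise a 401 JSON response is sent.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation.
 */
export function auth(req, res, next) {
  const token = req.headers.authorization?.split(' ')[1];
  if (!token) {
    return res.status(401).json({ error: 'Not logged in' });
  }

  let payload;
  try {
    // Pin the accepted algorithms explicitly instead of relying on the
    // library's defaults for the key type.
    payload = jwt.verify(token, JWT_SECRET, { algorithms: ACCEPTED_JWT_ALGORITHMS });
  } catch {
    // Every verification failure (bad signature, malformed, expired) gets the
    // same response, so the caller learns nothing about why it was rejected.
    return res.status(401).json({ error: 'Session expired, please log in again' });
  }

  req.user = payload;
  // Called outside the try block so a failure further down the chain is never
  // reported as an expired session.
  return next();
}

/**
 * Express middleware: require the shared admin password in the
 * `x-admin-password` request header.
 *
 * NOTE(review): this is a single static credential sent on every request, and
 * no attempt limiting is visible in this file; confirm throttling and TLS are
 * enforced upstream.
 *
 * @param {object} req - Express request.
 * @param {object} res - Express response.
 * @param {Function} next - Express continuation.
 */
export function adminAuth(req, res, next) {
  const pw = req.headers['x-admin-password'];
  // Reject non-string and empty values before comparing; the comparison
  // itself is constant-time to avoid leaking how much of a guess matched.
  if (typeof pw === 'string' && pw.length > 0 && constantTimeEquals(pw, ADMIN_PASSWORD)) {
    return next();
  }
  res.status(401).json({ error: 'Wrong admin password' });
}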