import { ApiError } from "../errors";
import { env } from "../../config/env";
function extractAdminToken(req) {
    const raw = req.header("authorization") || "";
    if (raw.startsWith("Bearer ")) {
        return raw.slice(7);
    }
    return raw || req.header("x-admin-token") || "";
}
export function requireAdminToken(req, _res, next) {
    const token = extractAdminToken(req);
    if (!token) {
        return next(new ApiError("UNAUTHORIZED", "Missing admin bearer token", 401));
    }
    if (token !== env.ADMIN_TOKEN) {
        return next(new ApiError("UNAUTHORIZED", "Invalid admin token", 401));
    }
    return next();
}
export function requireDeviceToken(req, _res, next) {
    const raw = req.header("authorization") || "";
    const token = raw.startsWith("Bearer ") ? raw.slice(7) : raw;
    if (!token) {
        return next(new ApiError("UNAUTHORIZED", "Missing device bearer token", 401));
    }
    if (token !== env.DEVICE_TOKEN) {
        return next(new ApiError("UNAUTHORIZED", "Invalid device token", 401));
    }
    return next();
}