import { NextRequest, NextResponse } from "next/server"

function getBearerToken(req: NextRequest): string | null {
  const auth = req.headers.get("authorization")
  if (!auth) return null

  const [scheme, token] = auth.split(" ")
  if (scheme !== "Bearer" || !token) return null
  return token
}

export function requireFrontendServiceToken(req: NextRequest): NextResponse | null {
  const expectedToken = process.env.FRONTEND_TOKEN
  if (!expectedToken) {
    console.error("[public-api] FRONTEND_TOKEN is not configured")
    return NextResponse.json({ error: "Server misconfiguration" }, { status: 500 })
  }

  const token = getBearerToken(req)
  if (!token || token !== expectedToken) {
    return NextResponse.json({ error: "Unauthorized" }, { status: 401 })
  }

  return null
}