import { type NextRequest, NextResponse } from 'next/server';

/**
 * Returns true if the request carries a valid API token.
 * Accepts token via `?token=` query param or `Authorization: Bearer <token>` header.
 */
export function isAuthorized(req: NextRequest): boolean {
  const expected = process.env.API_TOKEN;
  if (!expected) return false;

  const queryToken = req.nextUrl.searchParams.get('token');
  if (queryToken === expected) return true;

  const authHeader = req.headers.get('authorization');
  if (authHeader === `Bearer ${expected}`) return true;

  return false;
}

export function unauthorized(): NextResponse {
  return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });
}