import type { IncomingMessage, ServerResponse } from "node:http";

export const readExpectedToken = (): string => {
  return process.env.ANYTHINGLLM_DEVTOOLS_TOKEN?.trim() ?? "";
};

export const requireBearer = (
  req: IncomingMessage,
  res: ServerResponse,
  expected: string,
): boolean => {
  const h = req.headers.authorization ?? "";
  const match = /^Bearer\s+(.+)$/i.exec(h);
  const got = match?.[1]?.trim() ?? "";
  if (got !== expected) {
    res.writeHead(401, { "Content-Type": "application/json; charset=utf-8" });
    res.end(JSON.stringify({ error: "Unauthorized" }));
    return false;
  }
  return true;
};