package middleware

import (
	"net/http"
	"strings"

	"github.com/gin-gonic/gin"
)

func InternalAuthMiddleware(expectedToken string) gin.HandlerFunc {
	expectedToken = strings.TrimSpace(expectedToken)
	return func(c *gin.Context) {
		if expectedToken == "" {
			c.Next()
			return
		}

		token := strings.TrimSpace(c.GetHeader("X-Internal-Token"))
		if token == "" || token != expectedToken {
			c.JSON(http.StatusUnauthorized, gin.H{"error": "invalid internal token"})
			c.Abort()
			return
		}
		c.Next()
	}
}