import bcrypt from 'bcryptjs';

export interface User {
  username: string;
  password: string;
}

export function getUsers(): User[] {
  const usersString = process.env.AUTH_USERS || '';
  if (!usersString) {
    console.warn('AUTH_USERS not configured in .env');
    return [];
  }
  return usersString
    .split(',')
    .map((userPair) => {
      const [username, password] = userPair.trim().split(':');
      return { username: username?.trim(), password: password?.trim() };
    })
    .filter((user) => user.username && user.password);
}

export async function verifyCredentials(username: string, password: string): Promise<boolean> {
  const users = getUsers();
  const user = users.find(u => u.username === username);
  if (!user) {
    return false;
  }
  return bcrypt.compare(password, user.password);
}

export function isAuthEnabled(): boolean {
  return !!process.env.AUTH_USERS;
}