/**
 * Reusable authentication library
 * Configure users via environment variables in .env:
 * AUTH_USERS=user1:$2a$10$hash1,user2:$2a$10$hash2
 * 
 * Use scripts/generate-password.js to generate password hashes
 */

export interface User {
  username: string;
  password: string;
}

/**
 * Parse users from environment variable
 * Format: username:password,username2:password2
 */
export function getUsers(): User[] {
  const usersString = process.env.AUTH_USERS || '';
  if (!usersString) {
    console.warn('AUTH_USERS not configured in .env');
    return [];
  }
  return usersString
    .split(',')
    .map((userPair) => {
      const [username, password] = userPair.trim().split(':');
      return { username: username?.trim(), password: password?.trim() };
    })
    .filter((user) => user.username && user.password);
}

/**
 * Verify user credentials
 */
export function verifyCredentials(username: string, password: string): boolean {
  const users = getUsers();
  const user = users.find(u => u.username === username);
  if (!user) {
    return false;
  }
  return user.password === password;
}

/**
 * Check if authentication is enabled
 */
export function isAuthEnabled(): boolean {
  return !!process.env.AUTH_USERS;
}