import { Injectable, CanActivate, ExecutionContext } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';
import { Request } from 'express';
import { timingSafeEqual } from 'crypto';

@Injectable()
export class IcynetGuard implements CanActivate {
  constructor(private config: ConfigService) {}

  async canActivate(context: ExecutionContext): Promise<boolean> {
    const request = context.switchToHttp().getRequest<Request>();
    const authHeader = request.headers.authorization;

    if (!authHeader) return false;

    const [base, token] = authHeader.split(' ');
    if (!base || base.toLowerCase() !== 'bearer' || !token) return false;

    const configured = this.config.get<string>('icynetKey');

    return timingSafeEqual(Buffer.from(token), Buffer.from(configured));
  }
}