package rest

import (
	"net/http"

	"custodial/pkg/locker"

	"github.com/gin-gonic/gin"
)

func AuthMiddleware() gin.HandlerFunc {
	locker.Settings()
	apiMasterKey := locker.GetPrivateEnv("API_MASTER_KEY")
	return func(c *gin.Context) {
		if c.Request.Header.Get("Authorization") != apiMasterKey {
			c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "unauthorized"})
			return
		}
		c.Next()
	}
}