"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.basicAuth = basicAuth;
const AUTH_USERNAME = process.env.SERVER_USERNAME || 'admin';
const AUTH_PASSWORD = process.env.SERVER_PASSWORD || 'aidio2024';
function basicAuth(req, res, next) {
    // Allow login/check endpoints and all non-API routes (static files, HTML)
    if (req.path === '/api/auth/login' || req.path === '/api/auth/check' || !req.path.startsWith('/api/')) {
        next();
        return;
    }
    // Support token via query param for SSE (EventSource doesn't support custom headers)
    let authHeader = req.headers.authorization;
    if (!authHeader && req.query.token) {
        const token = Array.isArray(req.query.token) ? req.query.token[0] : req.query.token;
        authHeader = `Basic ${token}`;
    }
    if (!authHeader || !authHeader.startsWith('Basic ')) {
        res.setHeader('WWW-Authenticate', 'Basic realm="Audio Description Server"');
        res.status(401).json({ error: 'Authentication required' });
        return;
    }
    const credentials = Buffer.from(authHeader.slice(6), 'base64').toString('utf-8');
    const [username, password] = credentials.split(':');
    if (username === AUTH_USERNAME && password === AUTH_PASSWORD) {
        next();
        return;
    }
    res.setHeader('WWW-Authenticate', 'Basic realm="Audio Description Server"');
    res.status(401).json({ error: 'Invalid credentials' });
}
//# sourceMappingURL=auth.js.map