import { Request, Response, NextFunction } from 'express';

/**
 * Express middleware that gates the generation endpoints so that master
 * (admin) keys cannot be used on them and the key in use is bound to a project.
 *
 * Relies on an earlier middleware (validateApiKey, per the original comment)
 * having attached the authenticated key to `req.apiKey`. If it is absent the
 * request is rejected rather than passed through.
 *
 * Outcomes, checked in this order:
 *  - no `req.apiKey`               -> 401 "Authentication required"
 *  - `keyType === 'master'`        -> 403 "Forbidden"
 *  - falsy `projectId`             -> 400 "Invalid API key"
 *  - otherwise                     -> logs the key id and calls `next()`
 *
 * NOTE(review): the key-type check is a deny-list. Only the literal 'master'
 * is refused, so any other `keyType` value that carries a `projectId` is let
 * through. If further key types exist or get added, comparing against the
 * project key type instead would fail closed. Confirm the set of key types.
 *
 * @param req  Incoming request; `req.apiKey` is read, nothing is written to it.
 * @param res  Response used to send the 401/403/400 JSON error bodies.
 * @param next Invoked only when all three checks pass.
 */
export function requireProjectKey(
  req: Request,
  res: Response,
  next: NextFunction
): void {
  // Every rejection has the same { error, message } JSON shape.
  const reject = (status: number, error: string, message: string): void => {
    res.status(status).json({ error, message });
  };

  const key = req.apiKey;

  // Missing key means the authentication middleware did not run (or did not
  // attach a key), so refuse instead of treating the request as authenticated.
  if (!key) {
    reject(
      401,
      'Authentication required',
      'API key validation must be performed first'
    );
    return;
  }

  // Master keys are kept off the generation endpoints.
  if (key.keyType === 'master') {
    reject(
      403,
      'Forbidden',
      'Master keys cannot be used for image generation. Please use a project-specific API key.'
    );
    return;
  }

  // A non-master key with no project binding cannot be scoped to a project.
  if (!key.projectId) {
    reject(
      400,
      'Invalid API key',
      'Project key must be associated with a project'
    );
    return;
  }

  // Audit trail: timestamp plus the key's id.
  // NOTE(review): confirm `id` is a non-secret record identifier and not the
  // key material itself, since this line goes to stdout/log collection.
  const stamp = new Date().toISOString();
  console.log(`[${stamp}] Project key validated for generation: ${key.id}`);

  next();
}