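import { timingSafeEqual } from 'node:crypto';

import { CanActivate, ExecutionContext, Injectable, HttpException } from '@nestjs/common';
import { ConfigService } from '@nestjs/config';

/**
 * Route guard that admits a request only when it carries the maintenance
 * code configured in the `MAINT_OTP` environment variable.
 *
 * The code is read from the `x-maint-otp` header, falling back to the `otp`
 * field of the request body when the header is absent.
 *
 * Security notes:
 * - There is no built-in default code. If `MAINT_OTP` is unset or empty the
 *   guard denies every request, so a missing deployment setting cannot
 *   silently enable a publicly known credential.
 * - The configured value is a static shared secret read once at construction;
 *   nothing in this class rotates or expires it. A short numeric value is
 *   guessable, so the protected routes should also sit behind rate limiting
 *   and the secret should be long and randomly generated.
 * - NOTE(review): `ConfigService` is injected but not used here; the value is
 *   read straight from `process.env`. Confirm which source is intended.
 */
@Injectable()
export class MaintGuard implements CanActivate {
  /** Expected code, or `undefined` when none is configured (guard denies all). */
  private readonly otp: string | undefined;

  constructor(private config: ConfigService) {
    const configured = process.env.MAINT_OTP;
    // Treat an empty string like "unset" so that an empty request value can
    // never be a match.
    this.otp = configured ? configured : undefined;
  }

  /**
   * @param context Nest execution context for the incoming HTTP request.
   * @returns `true` when the supplied code matches the configured one.
   * @throws HttpException (403) when no code is configured, when the request
   *   carries no code, or when the code does not match.
   */
  canActivate(context: ExecutionContext): boolean {
    const request = context.switchToHttp().getRequest();
    const provided: unknown = request.headers['x-maint-otp'] ?? request.body?.otp;

    // Only a plain string can match: repeated headers (arrays) and non-string
    // JSON body values are rejected outright. The same response is used for
    // every failure so the reply does not reveal whether a code is configured.
    if (
      this.otp === undefined ||
      typeof provided !== 'string' ||
      !MaintGuard.matches(provided, this.otp)
    ) {
      throw new HttpException('Invalid maintenance OTP', 403);
    }
    return true;
  }

  /**
   * Compares two secrets without short-circuiting on the first differing
   * byte. `timingSafeEqual` requires equal-length inputs, so the length is
   * checked first; only the length can be inferred from response timing.
   */
  private static matches(candidate: string, expected: string): boolean {
    const candidateBytes = Buffer.from(candidate, 'utf8');
    const expectedBytes = Buffer.from(expected, 'utf8');
    return (
      candidateBytes.length === expectedBytes.length &&
      timingSafeEqual(candidateBytes, expectedBytes)
    );
  }
}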