<?php

namespace App\Auth;

use App\Models\ApiKey;
use App\Models\GatewayUser;
use Illuminate\Auth\GuardHelpers;
use Illuminate\Contracts\Auth\Guard;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;

class ApiKeyGuard implements Guard
{
    use GuardHelpers;

    protected $request;
    protected $provider;

    public function __construct($provider, Request $request)
    {
        $this->provider = $provider;
        $this->request = $request;
    }

    public function user()
    {
        // Return cached user if already authenticated
        if ($this->user !== null) {
            return $this->user;
        }

        // Get API key from header: Authorization: Bearer llmg_xxx
        $apiKey = $this->request->bearerToken();
        
        if (!$apiKey) {
            return null;
        }

        // Find API key record in database (using token field)
        $keyRecord = \DB::table('api_keys')
            ->where('token', $apiKey)
            ->first();

        if (!$keyRecord) {
            return null;
        }

        // Check if key has expired
        if ($keyRecord->expires && now()->isAfter($keyRecord->expires)) {
            return null;
        }

        // Update last used timestamp
        \DB::table('api_keys')
            ->where('token', $apiKey)
            ->update(['updated_at' => now()]);

        // Return the gateway user
        $this->user = GatewayUser::find($keyRecord->gateway_user_id);
        
        return $this->user;
    }

    public function validate(array $credentials = [])
    {
        return $this->user() !== null;
    }
}