use tonic::{Request, Status};

/// Validate the daemon token from the gRPC request metadata.
pub fn check_auth(req: &Request<()>, expected_token: &str) -> Result<(), Status> {
    let token = req
        .metadata()
        .get("authorization")
        .and_then(|v| v.to_str().ok())
        .and_then(|v| v.strip_prefix("Bearer "));

    match token {
        Some(t) if t == expected_token => Ok(()),
        _ => Err(Status::unauthenticated("Invalid or missing daemon token")),
    }
}