/**
 * SIMPLIFIED AUTH FOR MEDICONNECT
 *
 * ARCHITECTURE:
 * - Authentication is handled by the EXTERNAL Supabase project (source of truth).
 * - The NEW Supabase project (this one) only stores complementary data.
 * - Edge functions trust that authentication already happened.
 *
 * OPTIONAL VALIDATION:
 * - Can check for an API key in a header if needed.
 * - No JWT validation is performed here (EXTERNAL is expected to do it).
 *
 * NOTE(review): nothing in this file verifies the caller. Both helpers
 * succeed for every input, so they are only safe if some layer in front of
 * the edge functions rejects unauthenticated requests. That layer is not
 * visible here; confirm it exists before relying on these results.
 */

/**
 * Returns a fixed placeholder identity for every call.
 *
 * The request is never inspected: no header, token or cookie is read, so a
 * request carrying no credentials receives the same non-null result as any
 * other. A non-null return value is therefore not evidence of authentication.
 *
 * NOTE(review): `userId` is the literal string "authenticated", not a
 * per-user identifier. Code that keys ownership checks, audit records or
 * rate limits on it would treat all callers as one identity.
 *
 * @param req - Incoming request; currently unused.
 * @returns Always `{ userId: "authenticated", role: "user" }`. The `null`
 *   branch of the return type is never produced by the current code.
 */
export async function validateAuth(
  req: Request
): Promise<{ userId: string; role: string } | null> {
  // Option 2, disabled (author's sketch of an optional API-key check):
  //   const apikey = req.headers.get("x-api-key");
  //   const VALID_APIKEY = Deno.env.get("SUPABASE_ANON_KEY");
  //   if (apikey && apikey === VALID_APIKEY) {
  //     return { userId: "authenticated", role: "user" };
  //   }
  //   return null;
  // NOTE(review): the Supabase anon key is shipped to client apps, so
  // matching it would identify the project, not the user.

  // Option 1 (active): no validation at all, trust EXTERNAL.
  void req; // intentionally unused
  const placeholderIdentity = {
    userId: "authenticated",
    role: "user",
  };
  return placeholderIdentity;
}

/**
 * Permission helper, simplified to approve every request.
 *
 * Neither argument is consulted: the result is `true` for any role and any
 * list of required roles, including an empty list. Per the file header,
 * permissions are expected to be enforced by the EXTERNAL project.
 *
 * NOTE(review): a role gate built on this function never denies. Endpoints
 * that need a real restriction cannot get it from this helper as written.
 *
 * @param userRole - Role of the caller; currently unused.
 * @param requiredRoles - Roles allowed to proceed; currently unused.
 * @returns Always `true`.
 */
export function hasPermission(
  userRole: string,
  requiredRoles: string[]
): boolean {
  // Parameters are intentionally unused in this simplified version.
  void userRole;
  void requiredRoles;
  return true;
}