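import hashlib
import hmac
import os

# region = os.environ['region']
# account_id = os.environ['account_id']
# api_id = os.environ['api_id']

# Shared secret the caller must present in the Authorization header.
# A missing variable leaves this empty, and the handler then denies every
# request instead of failing at import time.
# NOTE(review): the name suggests a password hash, but the handler compares the
# header value to it directly and hashlib is never used, so the stored value is
# itself the bearer credential. Confirm this is intended.
pw_hash = os.environ.get('pw_hash', '')

# resource_arn = f"arn:aws:execute-api:{region}:{account_id}:{api_id}:/*/*/"  # based on observed routeArn in event


def lambda_handler(event, context):
    """Authorize a request by comparing its Authorization header to ``pw_hash``.

    Args:
        event: Authorizer event; the token is read from
            ``event['headers']['authorization']``.
        context: Lambda context object (unused).

    Returns:
        A simple-response dict ``{"isAuthorized": bool}``. The result is
        ``False`` when the headers or the token are missing, when the token
        is empty, or when ``pw_hash`` is not configured.
    """
    # debug
    # print(f"Event received: {event}")  # would write the Authorization header to the logs
    # print(f"resource_arn: {resource_arn}")

    # Extract the token from headers; tolerate events without a headers map.
    headers = event.get('headers') or {}
    token = headers.get('authorization', '')
    if not isinstance(token, str):
        token = ''

    # Check token validity.
    if not pw_hash:
        # Fail closed: with an empty secret, an absent header would otherwise
        # compare equal ('' == '') and be authorized.
        print("pw_hash is not configured; denying request")
        is_authorized = False
    elif not token:
        is_authorized = False
    else:
        # Constant-time comparison avoids leaking, through response timing,
        # how much of the token matched. Encoding to bytes keeps
        # compare_digest from raising on non-ASCII header values.
        is_authorized = hmac.compare_digest(
            token.encode('utf-8'), pw_hash.encode('utf-8')
        )

    # Log for debugging; the mask reveals only the presented token's length.
    print(f"Authorization status: {is_authorized}. Authorization token: {'*' * len(token)}")

    # Simple response
    return {
        "isAuthorized": is_authorized
    }

    # IAM policy response, which is overkill with no added benefit here.
    # To use the IAM policy response, your API needs "enableSimpleResponses": false.
    # if is_authorized:
    #     return {
    #         "principalId": "demo",
    #         "policyDocument": {
    #             "Version": "2012-10-17",
    #             "Statement": [{
    #                 "Action": "execute-api:Invoke",
    #                 "Effect": "Allow",
    #                 "Resource": event["routeArn"]
    #             }]
    #         }
    #     }
    # else:
    #     return {
    #         "principalId": "demo",
    #         "policyDocument": {
    #             "Version": "2012-10-17",
    #             "Statement": [{
    #                 "Action": "*",
    #                 "Effect": "Deny",
    #                 "Resource": "*"
    #             }]
    #         }
    #     }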