const authHeadersByTab = new Map()
const AUTH_HEADER_NAMES = new Set(['authorization', 'x-api-key', 'api-key'])

function rememberHeader(tabId, entry) {
  if (tabId < 0) return
  const rows = authHeadersByTab.get(tabId) || []
  const dedupKey = `${entry.type}:${entry.value}:${entry.url}`
  if (!rows.some((item) => `${item.type}:${item.value}:${item.url}` === dedupKey)) {
    rows.unshift(entry)
  }
  authHeadersByTab.set(tabId, rows.slice(0, 50))
}

chrome.webRequest.onBeforeSendHeaders.addListener(
  (details) => {
    const headers = details.requestHeaders || []
    for (const header of headers) {
      const name = String(header.name || '').toLowerCase()
      const value = String(header.value || '').trim()
      if (!AUTH_HEADER_NAMES.has(name) || !value) continue
      rememberHeader(details.tabId, {
        type: name === 'authorization' ? 'authorization' : 'api_key',
        value,
        url: details.url || '',
      })
    }
  },
  { urls: ['<all_urls>'] },
  ['requestHeaders', 'extraHeaders'],
)

chrome.tabs.onRemoved.addListener((tabId) => {
  authHeadersByTab.delete(tabId)
})

chrome.runtime.onMessage.addListener((message, sender, sendResponse) => {
  if (message?.type !== 'get-auth-headers') return false
  const tabId = Number(message.tabId)
  const origin = String(message.origin || '')
  const rows = authHeadersByTab.get(tabId) || []
  const filtered = origin
    ? rows.filter((item) => String(item.url || '').startsWith(origin))
    : rows
  sendResponse({ auth_headers: filtered })
  return true
})