// Swagger UI authentication banner
// This banner explains the cookie + CSRF authentication flow
(function() {
  window.addEventListener('load', function() {
    const banner = document.createElement('div');
    banner.style.cssText = `
      background: #fff3cd;
      border: 1px solid #ffc107;
      border-radius: 4px;
      padding: 12px 16px;
      margin: 16px;
      font-family: sans-serif;
      font-size: 14px;
      line-height: 1.5;
      color: #856404;
    `;
    banner.innerHTML = `
      <strong>Authentication Required for Most Endpoints</strong><br>
      sofarr uses cookie-based authentication with Emby/Jellyfin. To test authenticated endpoints:<br>
      1. Call <code>POST /api/auth/login</code> with your username and password<br>
      2. The server sets an <code>emby_user</code> cookie and <code>csrf_token</code> cookie<br>
      3. Include these cookies in subsequent requests<br>
      4. For state-changing operations (POST/PUT/PATCH/DELETE), also send the <code>X-CSRF-Token</code> header<br>
      <br>
      <em>Note: The Swagger UI "Authorize" button is not used. Authentication is handled via cookies.</em>
    `;
    
    // Insert after the topbar (which we hide with CSS) or at the top of the info section
    const info = document.querySelector('.info');
    if (info) {
      info.insertBefore(banner, info.firstChild);
    }
  });
})();