package infra

import "net/http"

// SessionTokenExtract extracts a session token from the request.
// It checks the cookie named cookieName first; if present and non-empty,
// that value is returned. Otherwise it checks the Authorization header
// for a "Bearer <token>" prefix and returns the token part.
// Returns "" if no token is found in either source.
func SessionTokenExtract(r *http.Request, cookieName string) string {
	if c, err := r.Cookie(cookieName); err == nil && c.Value != "" {
		return c.Value
	}
	auth := r.Header.Get("Authorization")
	if len(auth) > 7 && auth[:7] == "Bearer " {
		return auth[7:]
	}
	return ""
}