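import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

/**
 * Route prefixes reachable without the auth-hint cookie. Each entry covers the
 * path itself and everything below it (`/search`, `/search/...`).
 */
const publicPaths = ['/login', '/register', '/search', '/auth/callback'];

/** Paths that are public only on an exact match. */
const publicExactPaths = ['/'];

/** Pages that signed-in visitors are sent away from. */
const authOnlyPaths = ['/login', '/register'];

/**
 * Cookie the client sets after login. Only its presence is checked here; the
 * value is never read or verified.
 */
const AUTH_HINT_COOKIE = 'goodgo_authenticated';

/**
 * Reports whether `pathname` is `prefix` itself or a path nested under it.
 *
 * A bare `startsWith(prefix)` would also accept siblings that merely share the
 * leading characters (constructed examples: `/search-admin`, `/loginhistory`)
 * and treat them as public. Requiring a `/` after the prefix keeps the
 * allow-list limited to the routes it names.
 */
function isUnderPath(pathname: string, prefix: string): boolean {
  return pathname === prefix || pathname.startsWith(`${prefix}/`);
}

/**
 * Navigation gate for page routes.
 *
 * - Requests to a non-public path without the auth-hint cookie are redirected
 *   to `/login?redirect=<pathname>`.
 * - Requests to `/login` or `/register` with the cookie are redirected to
 *   `/dashboard`.
 * - Everything else passes through unchanged.
 *
 * SECURITY: this is a routing convenience, not an authorization check. The
 * cookie is set by the client and is not validated, so any caller can supply
 * it. Every protected page's data source and every API handler must verify
 * the real session or token on the server.
 *
 * @param request - Incoming request as seen by the Next.js middleware runtime.
 * @returns A redirect response, or `NextResponse.next()` to continue.
 */
export function middleware(request: NextRequest): NextResponse {
  const { pathname } = request.nextUrl;

  const isPublicPath =
    publicExactPaths.includes(pathname) ||
    publicPaths.some((prefix) => isUnderPath(pathname, prefix));

  // Presence-only check of the client-set hint cookie (see AUTH_HINT_COOKIE).
  const hasAuthCookie = request.cookies.has(AUTH_HINT_COOKIE);

  if (!isPublicPath && !hasAuthCookie) {
    const loginUrl = new URL('/login', request.url);
    // Only the pathname is carried over; the original query string is dropped.
    // NOTE(review): `redirect` is an ordinary query parameter and can be edited
    // by anyone holding the link. Whatever consumes it after login should
    // accept only same-origin relative paths before navigating.
    loginUrl.searchParams.set('redirect', pathname);
    return NextResponse.redirect(loginUrl);
  }

  const isAuthOnlyPath = authOnlyPaths.some((prefix) => isUnderPath(pathname, prefix));

  if (isAuthOnlyPath && hasAuthCookie) {
    return NextResponse.redirect(new URL('/dashboard', request.url));
  }

  return NextResponse.next();
}

export const config = {
  // Paths matching the negative lookahead never reach `middleware`. `/api` is
  // among them, so API routes get no gate from this file and must authenticate
  // on their own.
  // NOTE(review): the lookahead is not anchored to a segment boundary, so a
  // page whose path merely begins with `api` or `public` (constructed example:
  // `/public-profile`) is skipped as well. Confirm no protected page is named
  // that way.
  matcher: ['/((?!api|_next/static|_next/image|favicon.ico|public).*)'],
};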