import type { Response, NextFunction } from 'express'

import statsd from '@/observability/lib/statsd'
import { defaultCacheControl } from '@/frame/middleware/cache-control'
import { ExtendedRequest } from '@/types'

const STATSD_KEY = 'middleware.handle_invalid_nextjs_paths'

export default function handleInvalidNextPaths(
  req: ExtendedRequest,
  res: Response,
  next: NextFunction,
) {
  // For example, `/_next/bin/junk.css`.
  // The reason for depending on checking NODE_ENV is that in development,
  // the Nextjs server will send things like /_next/static/webpack/...
  // or /_next/webpack-hmr.
  // In local dev, we don't get these penetration-testing looking requests.
  if (
    process.env.NODE_ENV !== 'development' &&
    ((req.path.startsWith('/_next/') && !req.path.startsWith('/_next/data')) ||
      req.query?.['__nextFallback'])
  ) {
    defaultCacheControl(res)

    const tags = [`path:${req.path}`]
    statsd.increment(STATSD_KEY, 1, tags)

    res.status(404).type('text').send('Not found')
    return
  }

  return next()
}