import type { Response, NextFunction } from 'express'

import { defaultCacheControl } from '@/frame/middleware/cache-control'
import { ExtendedRequest } from '@/types'

/**
 * Rejects requests whose URL cannot be percent-decoded.
 *
 * `decodeURIComponent` throws on percent-escapes that do not form valid
 * UTF-8 (for example `%FF`). Express does not surface that failure during
 * its initial parsing, so the exception would otherwise be raised later,
 * at the router level. This middleware performs the same decode up front
 * and answers with a plain-text 400 instead.
 *
 * The decoded value is discarded; the call is used purely as a validity
 * probe. The response body is a fixed string and never echoes the
 * offending URL back to the client.
 *
 * NOTE(review): `req.originalUrl` includes the query string, so a stray
 * `%` in a query parameter is rejected as well, not only malformed path
 * segments. Confirm this is the intended scope.
 *
 * @param req - Incoming request; `originalUrl` is preferred, `url` is the fallback.
 * @param res - Response used to send the 400 when the URL is malformed.
 * @param next - Invoked only when the URL decodes cleanly.
 */
export default function handleMalformedUrls(
  req: ExtendedRequest,
  res: Response,
  next: NextFunction,
) {
  const rawUrl = req.originalUrl || req.url

  // Probe the URL. Any exception from the decode marks the URL as malformed.
  let decodable = true
  try {
    decodeURIComponent(rawUrl)
  } catch {
    decodable = false
  }

  if (decodable) {
    return next()
  }

  // Malformed URL: apply the shared cache-control helper, then reply with a
  // constant plain-text body so no request data is reflected.
  defaultCacheControl(res)
  res.setHeader('content-type', 'text/plain')
  res.status(400).send('Bad Request: Malformed URL')
  return
}