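import { NextRequest, NextResponse } from "next/server"

// API routes that may be called without an auth cookie.
const publicApiRoutes = [
  "/api/auth/login",
]

// Pages that may be viewed without an auth cookie.
const publicPages = [
  "/login",
]

/**
 * Reports whether `pathname` is a public API route.
 *
 * A path is public only when it equals an allowlisted route or sits below it
 * on a path-segment boundary. A bare prefix test would also let through
 * sibling routes that merely share the prefix (for example a route named
 * "/api/auth/login" followed by extra characters), exposing them without a
 * token.
 */
function isPublicApiRoute(pathname: string): boolean {
  return publicApiRoutes.some(
    route => pathname === route || pathname.startsWith(`${route}/`)
  )
}

/**
 * Gate for the routes listed in `config.matcher`.
 *
 * - "/" redirects to "/recruitment" when the auth cookie is present,
 *   otherwise to "/login".
 * - API routes: public ones pass through; the rest get a 401 JSON response
 *   when the cookie is missing.
 * - Pages: a caller with a cookie is sent away from "/login"; a caller
 *   without one is sent to "/login" unless the page is public.
 *
 * NOTE(review): only the *presence* of the `auth_token` cookie is checked
 * here. Its signature, expiry and revocation state are not verified in this
 * function, so any non-empty cookie value passes. Route handlers and pages
 * behind this middleware must validate the token themselves.
 *
 * @param request Incoming request; its pathname and cookies are read.
 * @returns A redirect, a 401 JSON response, or a pass-through response.
 */
export function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl
  const token = request.cookies.get("auth_token")?.value
  const redirectTo = (target: string) =>
    NextResponse.redirect(new URL(target, request.url))

  // -----------------------
  // 🔹 ROOT HANDLING
  // -----------------------
  if (pathname === "/") {
    return redirectTo(token ? "/recruitment" : "/login")
  }

  // -----------------------
  // 🔹 API PROTECTION
  // -----------------------
  if (pathname.startsWith("/api")) {
    if (isPublicApiRoute(pathname) || token) {
      return NextResponse.next()
    }

    // API callers get a status code rather than a redirect to the login page.
    return NextResponse.json(
      { error: "Unauthorized" },
      { status: 401 }
    )
  }

  // -----------------------
  // 🔹 PAGE PROTECTION
  // -----------------------

  // Logged in & accessing login
  if (token && pathname === "/login") {
    return redirectTo("/recruitment")
  }

  // Not logged in & accessing protected pages
  if (!token && !publicPages.includes(pathname)) {
    return redirectTo("/login")
  }

  return NextResponse.next()
}

// Paths the middleware runs on; requests to any other path never reach it.
export const config = {
  matcher: [
    "/",
    "/login",
    "/recruitment/:path*",
    "/api/:path*",
  ],
}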