import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

export function middleware(req: NextRequest) {
  const path = req.nextUrl.pathname;

  // Public routes that don't require authentication
  const publicPaths = [
    '/',
    '/pricing',
    '/faq',
    '/blog',
    '/login',
    '/signup',
    '/privacy',
    '/newsletter',
    '/tools',
    '/qr-code-erstellen',
  ];

  // Check if path is public
  const isPublicPath = publicPaths.some(p => path === p || path.startsWith(p + '/'));

  // Allow API routes
  if (path.startsWith('/api/')) {
    return NextResponse.next();
  }

  // Allow redirect routes (QR code redirects)
  if (path.startsWith('/r/')) {
    return NextResponse.next();
  }

  // Allow static files
  if (path.includes('.') || path.startsWith('/_next')) {
    return NextResponse.next();
  }

  // Allow public paths
  if (isPublicPath) {
    return NextResponse.next();
  }

  // For protected routes, check for userId cookie
  const userId = req.cookies.get('userId')?.value;

  if (!userId) {
    // Not authenticated - redirect to signup
    const signupUrl = new URL('/signup', req.url);
    return NextResponse.redirect(signupUrl);
  }

  // Authenticated - allow access
  return NextResponse.next();
}

export const config = {
  matcher: [
    /*
     * Match all request paths except for the ones starting with:
     * - _next/static (static files)
     * - _next/image (image optimization files)
     * - favicon.ico (favicon file)
     * - public folder
     */
    '/((?!_next/static|_next/image|favicon.ico|logo.svg|og-image.png).*)',
  ],
};