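import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

/**
 * Path prefixes that are served without the session-cookie check:
 * framework assets, static files and the login page.
 */
const PUBLIC_PREFIXES: readonly string[] = ['/_next', '/static', '/assets', '/login'];

/** Extensions treated as public files (images, css, etc.). */
const PUBLIC_FILE_PATTERN = /\.(jpg|jpeg|png|svg|ico|css|js|map)$/;

/**
 * Decides whether a request path may skip the session-cookie check.
 *
 * Prefixes are matched on a path-segment boundary: `/static` and
 * `/static/logo.png` are public, while a sibling route such as
 * `/statics-admin` is not. A plain `startsWith('/static')` would let any
 * route whose name merely begins with a public prefix skip the check.
 *
 * @param pathname - URL path of the incoming request.
 * @returns `true` when the path is public.
 */
function isPublicPath(pathname: string): boolean {
  const underPublicPrefix = PUBLIC_PREFIXES.some(
    (prefix) => pathname === prefix || pathname.startsWith(`${prefix}/`),
  );
  if (underPublicPrefix) {
    return true;
  }

  // NOTE(review): this test looks only at the end of the path, so ANY route
  // whose last segment ends in one of these extensions skips the cookie check,
  // including dynamic page or API segments. Consider limiting it to the
  // locations where public files actually live, or excluding those files via
  // `config.matcher` instead.
  return PUBLIC_FILE_PATTERN.test(pathname);
}

/**
 * Redirects requests without a `token` cookie to `/login`; public paths and
 * requests that carry the cookie pass through unchanged.
 *
 * Only the PRESENCE of the cookie is checked here. Its value is not verified
 * (signature, expiry, revocation), so this is a navigation gate and not an
 * authorization decision: every protected page and API handler still has to
 * validate the token on the server.
 *
 * @param req - Incoming request.
 * @returns A pass-through response, or a redirect to the login page.
 */
export function middleware(req: NextRequest) {
  const { pathname } = req.nextUrl;

  if (isPublicPath(pathname)) {
    return NextResponse.next();
  }

  // For all other routes, require a token cookie.
  const token = req.cookies.get('token')?.value;
  if (token) {
    return NextResponse.next();
  }

  // Clone so the request's own URL object is left untouched; the clone keeps
  // the original query string and only the path is replaced.
  const loginUrl = req.nextUrl.clone();
  loginUrl.pathname = '/login';
  return NextResponse.redirect(loginUrl);
}

// Run the middleware for every path; public paths are filtered in isPublicPath.
export const config = {
  matcher: ['/:path*'],
};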