/**
 * @module middleware
 * @description hooks-up `next-auth` into the page processing pipeline
 */

import { auth, authConfig, myAuth } from '@/app/lib/auth'
import createIntlMiddleware from 'next-intl/middleware';
import { NextRequest, NextResponse } from 'next/server';
import { locales, defaultLocale } from '@/app/i18n';
import { Session } from 'next-auth';

const intlMiddleware = createIntlMiddleware({
  locales,
  localePrefix: 'as-needed',
  defaultLocale
});

export default async function middleware(req: NextRequest) {
  // All routes under /home require authentication
  // Check if the path (after optional locale prefix) starts with /home
  const homeRouteRegex = RegExp(
    `^(/(${locales.join('|')}))?/home(/.*)?$`,
    'i'
  );
  const isProtectedPage = homeRouteRegex.test(req.nextUrl.pathname);

  // For protected pages (under /home), verify authentication
  // This is not an official way to do it - it's a hack
  // based on https://github.com/nextauthjs/next-auth/discussions/8961
  // The official way of chaining middlewares in AuthJS v5 does not work and is not fully documented
  if (isProtectedPage) {

    const session = await myAuth();

    if (!session) {
      const signInUrl = `${req.nextUrl.protocol}//${req.nextUrl.hostname}${req.nextUrl.port ? `:${req.nextUrl.port}` : ''}${authConfig.pages?.signIn as string}`;
      return NextResponse.redirect( signInUrl  );
    }
  }

  return intlMiddleware(req);
}

export const config = {
  // for these paths middleware will not be called
  // `pdf.worker.min.mjs` is a web worker code used by pdf.js
  // `*.wasm` files are WebAssembly modules used by zxing-wasm
  matcher: [
    '/((?!api|_next/static|_next/image|.*\\.png$|pdf.worker.min.mjs$|.*\\.wasm$|.*\\.webm$).*)',
  ],
};