"use server"
import { NextRequest, NextResponse } from "next/server";
import { verifyJwt } from "app/api/auth/actions";

const protectedRoutes = ['/story', '/submission', '/publication']

// Function to match the * wildcard character
function matchesWildcard(path: string, pattern: string): boolean {
	if (pattern.endsWith('/*')) {
		const basePattern = pattern.slice(0, -2);
		return path.startsWith(basePattern);
	}
	return path === pattern;
}

export default async function(request: NextRequest) {
	// const url = `${process.env.NEXT_PUBLIC_BASE_URL}/login?redirect=${request.nextUrl.pathname + request.nextUrl.search}`
	const url = request.nextUrl.clone()
	url.pathname = "/login"

	if (protectedRoutes.some(pattern => matchesWildcard(request.nextUrl.pathname, pattern))) {
		const token = request.cookies.get('token')

		//NOTE - may need to add logic to return 401 for api routes

		if (!token) {
			return NextResponse.redirect(url)
		}

		try {
			//decode and verify jwt cookie
			const jwtIsVerified = await verifyJwt(token.value)

			if (!jwtIsVerified) {
				//delete token
				request.cookies.delete('token')
				return NextResponse.redirect(url)
			}
		} catch {
			//delete token (failsafe)
			request.cookies.delete('token')
			return NextResponse.redirect(url)
		}

		//redirect from login if already logged in
		let redirectToApp = false
		if (request.nextUrl.pathname === "/login") {
			const token = request.cookies.get("token")
			if (token) {
				try {
					const payload = await verifyJwt(token.value)
					if (payload) {
						redirectToApp = true
					} else {
						request.cookies.delete('token')
					}
				} catch (error) {
					request.cookies.delete('token')
				}
			}
		}

		if (redirectToApp) {
			return NextResponse.redirect(`${process.env.NEXT_PUBLIC_BASE_URL}/submission`)
		} else {
			return NextResponse.next()
		}




	}
}