import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";

const SESSION_COOKIE_NAME = "mission_control_session";

// Public routes that don't require authentication
const publicRoutes = ["/login", "/reset-password"];

export async function middleware(request: NextRequest) {
  const { pathname } = request.nextUrl;
  
  // Allow public routes
  if (publicRoutes.some(route => pathname.startsWith(route))) {
    return NextResponse.next();
  }
  
  // Check for session cookie
  const sessionToken = request.cookies.get(SESSION_COOKIE_NAME)?.value;
  
  if (!sessionToken) {
    // Redirect to login if no session
    const loginUrl = new URL("/login", request.url);
    return NextResponse.redirect(loginUrl);
  }
  
  // Session exists, allow the request
  return NextResponse.next();
}

export const config = {
  matcher: [
    // Match all routes except static files, api routes, and Next.js internals
    "/((?!_next/static|_next/image|favicon.ico|api/|.*\\.).*)",
  ],
};