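import { NextResponse } from "next/server";

/** Route that unauthenticated visitors are redirected to. */
const LOGIN_PATH = "/auth/login";

/**
 * Paths that redirect to the login page when the visitor is not authenticated.
 *
 * NOTE(review): this list contains pages an unauthenticated visitor normally
 * needs (sign-up, forgot-password, confirm-mail). If `config.matcher` is ever
 * widened so that they reach this middleware, they will become unreachable
 * without a session. Confirm the intended set of protected paths.
 */
const authenticationPages = [
  "/",
  "/auth",
  "/auth/login",
  "/auth/sign-up",
  "/auth/forgot-password",
  "/auth/lock-screen",
  "/auth/confirm-mail",
  "/auth/logout",
];

/**
 * Response headers added to every response this middleware produces.
 *
 * - `X-Frame-Options` and CSP `frame-ancestors` both restrict framing to the
 *   same origin (clickjacking defence). The CSP source keyword is `'self'`;
 *   `'same'` is not a valid keyword, so that directive would not allow
 *   same-origin framing as intended.
 * - `X-XSS-Protection` is a legacy header that current browsers ignore; it is
 *   not a substitute for output encoding and a script-restricting CSP.
 */
const SECURITY_HEADERS = Object.freeze({
  "X-XSS-Protection": "1; mode=block",
  "X-Frame-Options": "SAMEORIGIN",
  "Content-Security-Policy": "frame-ancestors 'self';",
});

/**
 * Attach the security headers to an outgoing response.
 *
 * @param {NextResponse} response - Response about to be returned.
 * @returns {NextResponse} The same response, with the headers set.
 */
function withSecurityHeaders(response) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) {
    response.headers.set(name, value);
  }
  return response;
}

/**
 * Report whether the current visitor is authenticated.
 *
 * Placeholder: always resolves to `false`, so every protected path is treated
 * as unauthenticated (fails closed). It takes no request argument, so it
 * cannot inspect cookies or headers yet. The real check has to verify the
 * session on the server side; a client-supplied flag alone must not be trusted.
 *
 * @returns {Promise<boolean>} `true` when the visitor is authenticated.
 */
const checkAuthentication = async () => {
  // Replace this logic with your actual authentication check.
  const isAuthenticated = false;
  return isAuthenticated;
};

/**
 * Gate the matched routes on authentication and add security headers.
 *
 * - An authenticated visitor on the login page is sent to `/ecommerce`.
 * - An unauthenticated visitor on a listed page is sent to the login page.
 * - Everything else passes through.
 *
 * If the authentication check throws, the request is answered with an error
 * response rather than being let through (fail closed).
 *
 * @param {import("next/server").NextRequest} req - Incoming request.
 * @returns {Promise<Response>} Redirect, pass-through, or error response.
 */
export async function middleware(req) {
  const { origin, pathname } = req.nextUrl;

  try {
    const authenticated = await checkAuthentication();

    if (pathname === LOGIN_PATH && authenticated) {
      // `new URL()` needs a base for a relative path; without it the call
      // throws and the visitor gets the error response instead of a redirect.
      return withSecurityHeaders(
        NextResponse.redirect(new URL("/ecommerce", origin)),
      );
    }

    // The login page itself is excluded: redirecting it to itself would loop.
    const needsLogin =
      !authenticated &&
      pathname !== LOGIN_PATH &&
      authenticationPages.includes(pathname);
    if (needsLogin) {
      return withSecurityHeaders(
        NextResponse.redirect(new URL(LOGIN_PATH, origin)),
      );
    }

    // Headers go on the response. Setting them on a copy of the request
    // headers never reaches the browser.
    return withSecurityHeaders(NextResponse.next());
  } catch (error) {
    console.error("Error during authentication check:", error);
    return NextResponse.error();
  }
}

// NOTE(review): only the root path is matched, so the other entries in
// `authenticationPages` never reach this middleware, and routes outside the
// matcher get neither the authentication gate nor the security headers.
export const config = {
  matcher: "/",
};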