import createIntlMiddleware from 'next-intl/middleware';
import { NextResponse } from 'next/server';
import type { NextRequest } from 'next/server';

import { routing } from './i18n/routing';

const intlMiddleware = createIntlMiddleware(routing);

export async function proxy(request: NextRequest) {
  const basicAuthResponse = await enforceBasicAuth(request);
  if (basicAuthResponse) {
    return basicAuthResponse;
  }

  return intlMiddleware(request);
}

async function enforceBasicAuth(request: NextRequest): Promise<NextResponse | null> {
  const isProduction = process.env.NEXT_PUBLIC_ENV === 'production';
  const isTest = process.env.NEXT_PUBLIC_ENV === 'test';

  if (isProduction) {
    return null;
  }

  const username = process.env.BASIC_AUTH_USER;
  const password = process.env.BASIC_AUTH_PASS;

  if (!username || !password) {
    console.warn('Basic auth credentials not configured');
    return null;
  }

  const basicAuth = Buffer.from(`${username}:${password}`).toString('base64');
  const authHeader = request.headers.get('authorization');

  if (authHeader !== `Basic ${basicAuth}`) {
    return new NextResponse('Authentication Required', {
      status: 401,
      headers: {
        'WWW-Authenticate': `Basic realm="${
          isTest ? 'Test Environment' : 'Development Environment'
        }"`,
      },
    });
  }

  return null;
}

export const config = {
  matcher: [
    '/((?!api|_next/static|_next/image|assets|fonts|graph|favicon.ico|robots.txt|sitemap.xml|google.*\\.html).*)',
  ],
};