import { NextResponse } from "next/server";
import type { NextRequest } from "next/server";
import { getPermision } from "./lib/getPermisions";

/**
 * Route gate for the admin area and the login page.
 *
 * - Requests whose path starts with "/admin" are redirected to "/login"
 *   unless an "access_token" cookie is present and the permissions returned
 *   by getPermision(req) include "Admin".
 * - Requests whose path starts with "/login" are redirected to
 *   "/admin/create-news" when the caller already holds a token with the
 *   "Admin" permission.
 * - Every other request continues unchanged.
 *
 * NOTE(review): this function only checks that the cookie is non-empty; any
 * validation of the token happens inside getPermision, which is not visible
 * here. Confirm that it verifies the token's signature and expiry rather
 * than only decoding its claims, otherwise the "Admin" check rests on
 * client-supplied data.
 *
 * NOTE(review): only paths under "/admin" are gated here. Anything else
 * (for example API routes, if admin operations are exposed there) passes
 * straight through, so the handlers that read or change admin data should
 * enforce authorization themselves rather than rely on this redirect.
 *
 * @param req - Incoming request; its cookies and parsed URL are read.
 * @returns A redirect response, or a pass-through response.
 */
export function middleware(req: NextRequest) {
  const token = req.cookies.get("access_token")?.value;
  const { pathname } = req.nextUrl;

  // Evaluated lazily so the permission lookup only runs on the routes that
  // need it, and only after the token presence check has passed.
  const hasAdminPermission = () => getPermision(req).includes("Admin");

  // Prefix match: this also covers sibling paths such as "/administrator",
  // which errs on the side of blocking.
  if (pathname.startsWith("/admin")) {
    const allowed = Boolean(token) && hasAdminPermission();
    if (!allowed) {
      // Not logged in, or logged in without the Admin permission.
      return NextResponse.redirect(new URL("/login", req.url));
    }
    return NextResponse.next();
  }

  if (pathname.startsWith("/login")) {
    const alreadyAdmin = Boolean(token) && hasAdminPermission();
    if (alreadyAdmin) {
      // An authenticated admin has no use for the login page.
      return NextResponse.redirect(new URL("/admin/create-news", req.url));
    }
  }

  return NextResponse.next();
}